CVE-2023-52764

In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in set_flicker Syzkaller reported the following issue: UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27 shift exponent 245 is too large for 32-bit type 'int' When the value of the variable "sd->params.exposure.gain" exceeds the number of bits in an integer, a shift-out-of-bounds error is reported. It is triggered because the variable "currentexp" cannot be left-shifted by more than the number of bits in an integer. In order to avoid invalid range during left-shift, the conditional expression is added.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953	Patch
https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26	Patch
https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb	Patch
https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060	Patch
https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b	Patch
https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809	Patch
https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177	Patch
https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a	Patch
https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3	Patch
https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953	Patch
https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26	Patch
https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb	Patch
https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060	Patch
https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b	Patch
https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809	Patch
https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177	Patch
https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a	Patch
https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

23 Sep 2025, 19:52

Type	Values Removed	Values Added
CWE		CWE-787
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953 -~~	() https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953 - Patch
References	~~() https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26 -~~	() https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26 - Patch
References	~~() https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb -~~	() https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb - Patch
References	~~() https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060 -~~	() https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060 - Patch
References	~~() https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b -~~	() https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b - Patch
References	~~() https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809 -~~	() https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809 - Patch
References	~~() https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177 -~~	() https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177 - Patch
References	~~() https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a -~~	() https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a - Patch
References	~~() https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3 -~~	() https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

21 Nov 2024, 08:40

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: media: gspca: cpia1: desplazamiento fuera de los límites en set_flicker. Syzkaller informó el siguiente problema: UBSAN: desplazamiento fuera de los límites en drivers/media/usb/gspca /cpia1.c:1031:27 el exponente de desplazamiento 245 es demasiado grande para el tipo 'int' de 32 bits. Cuando el valor de la variable "sd->params.exposure.gain" excede el número de bits en un número entero, se realiza un desplazamiento. Se informa un error fuera de los límites. Se activa porque la variable "currentexp" no puede desplazarse hacia la izquierda más que el número de bits de un número entero. Para evitar un rango no válido durante el desplazamiento a la izquierda, se agrega la expresión condicional.
References	~~() https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953 -~~	() https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953 -
References	~~() https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26 -~~	() https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26 -
References	~~() https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb -~~	() https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb -
References	~~() https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060 -~~	() https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060 -
References	~~() https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b -~~	() https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b -
References	~~() https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809 -~~	() https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809 -
References	~~() https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177 -~~	() https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177 -
References	~~() https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a -~~	() https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a -
References	~~() https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3 -~~	() https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3 -

21 May 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-21 16:15

Updated : 2025-09-23 19:52

NVD link : CVE-2023-52764

Mitre link : CVE-2023-52764

CVE.ORG link : CVE-2023-52764

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-787

Out-of-bounds Write

7.8 /10