CVE-2023-52494

bus: mhi: host: Add alignment check for event ring read pointer

References

https://cve.org/CVERecord/?id=CVE-2023-52494

Notes

 carnil> Introduced in ec32332df764 ("bus: mhi: core: Sanity check values from remote
 carnil> device before use"). Vulnerable versions: 5.10.36 5.11.20 5.12.3 5.13-rc1.

Bugs

Status

Branch	Status
4.19-buster-security	N/A "Vulnerable code not present"
4.19-upstream-stable	N/A "Vulnerable code not present"
5.10-bullseye-security	needed
5.10-upstream-stable	needed
6.1-bookworm-security	released (6.1.76-1)
6.1-upstream-stable	released (6.1.76) [2df39ac8f813860f79782807c3f7acff40b3c551]
6.6-upstream-stable	released (6.6.15) [a9ebfc405fe1be145f414eafadcbf09506082010]
6.8-upstream-stable	N/A "Fixed before branching point"
sid	released (6.6.15-1)
upstream	released (6.8-rc1) [eff9704f5332a13b08fbdbe0f84059c9e7051d5f]