CVE-2023-52867 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is checked after access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/112d4b02d94bf9fa4f1d3376587878400dd74783
https://git.kernel.org/stable/c/19534a7a225f1bf2da70a9a90d41d0215f8f6b45
https://git.kernel.org/stable/c/341e79f8aec6af6b0061b8171d77b085835c6a58
https://git.kernel.org/stable/c/347f025a02b3a5d715a0b471fc3b1439c338ad94
https://git.kernel.org/stable/c/7b063c93bece827fde237fae1c101bceeee4e896
https://git.kernel.org/stable/c/caaa74541459c4c9e2c10046cf66ad2890483d0f
https://git.kernel.org/stable/c/d9b4fa249deaae1145d6fc2b64dae718e5c7a855
https://git.kernel.org/stable/c/dd05484f99d16715a88eedfca363828ef9a4c2d4
https://git.kernel.org/stable/c/ddc42881f170f1f518496f5a70447501335fc783
https://lore.kernel.org/linux-cve-announce/2024052119-CVE-2023-52867-3f26@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52867
https://www.cve.org/CVERecord?id=CVE-2023-52867

History

Wed, 24 Sep 2025 01:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-787
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Fri, 20 Dec 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 13 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T15:31:57.866Z

Updated: 2025-05-04T07:44:37.299Z

Reserved: 2024-05-21T15:19:24.262Z

Link: CVE-2023-52867

Vulnrichment

Updated: 2024-08-02T23:11:36.225Z

NVD

Status : Analyzed

Published: 2024-05-21T16:15:23.597

Modified: 2025-09-24T00:47:20.150

Link: CVE-2023-52867

Redhat

Severity : Low

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2023-52867 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object