CVE-2023-52764

Updated: 2025-09-28 04:14:31.479964

Description:

In the Linux kernel, the following vulnerability has been resolved:

media: gspca: cpia1: shift-out-of-bounds in set_flicker

Syzkaller reported the following issue:

    UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27
    shift exponent 245 is too large for 32-bit type 'int'

When the value of the variable "sd->params.exposure.gain" exceeds the number of bits in an integer, a shift-out-of-bounds error is reported. It is triggered because the variable "currentexp" cannot be left-shifted by more than the number of bits in an integer. In order to avoid invalid range during left-shift, the conditional expression is added.
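The failure mode described above, as an added C example that is not the kernel's code or the upstream patch: a hypothetical helper `checked_shl` refuses a shift count at or beyond the width of `int` (such as the reported 245) and also refuses shifts whose result would not fit in `int`. The function name and the sample values in `main` are constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Width of int in bits (32 in the UBSAN report quoted above). */
#define INT_BITS ((unsigned)(sizeof(int) * CHAR_BIT))

/*
 * Hypothetical helper, not kernel code: compute value << count only when
 * the C standard defines the result. Returns 0 on success, -1 when refused.
 */
int checked_shl(int value, unsigned count, int *out)
{
    if (value < 0)
        return -1;  /* left-shifting a negative int is undefined */
    if (count >= INT_BITS)
        return -1;  /* the reported case: exponent 245 on a 32-bit int */
    if (value > (INT_MAX >> count))
        return -1;  /* result would not be representable in int */
    *out = value << count;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: {value, shift count}. */
    static const struct { int value; unsigned count; } samples[] = {
        { 3, 4 }, { 1, 245 }, { 1, 31 }, { 2, 30 }, { 0, 31 },
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int r = 0;
        if (checked_shl(samples[i].value, samples[i].count, &r) == 0)
            printf("%d << %u = %d\n", samples[i].value, samples[i].count, r);
        else
            printf("%d << %u refused\n", samples[i].value, samples[i].count);
    }
    return 0;
}
```

Building test code with `-fsanitize=shift` makes the compiler's UBSan runtime report any unguarded shift of this kind in user-space code, the same class of report Syzkaller surfaced here.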



Severity

|  | Severity | Score |
|---|---|---|
| CVSS Version 2.x |  | 0.0 |
| CVSS Version 3.x | HIGH | 7.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1759866837 | 2025-10-08 07:14:10 | Ignored due to low severity |
| CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Released | CLSA-2025:1761139764 | 2025-11-10 19:27:01 | Ignored due to low severity |
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1759431860 | 2025-10-15 23:33:13 | Ignored due to low severity |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | In Testing |  | 2025-11-27 20:53:51 | Ignored due to low severity |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | In Progress |  | 2025-11-13 10:41:50 | Ignored due to low severity |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2025:1763722365 | 2025-11-21 22:44:41 | Ignored due to low severity |
| CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Needs Triage |  | 2025-09-24 19:42:45 | Ignored due to low severity |
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Ignored |  | 2025-11-08 02:16:10 | CL7 support is limited |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Released | CLSA-2025:1761074747 | 2025-10-21 22:04:10 | Ignored due to low severity |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1759431869 | 2025-10-02 23:04:02 |  |

Total: 14