{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-52764","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-21T15:19:24.238Z","datePublished":"2024-05-21T15:30:49.032Z","dateUpdated":"2026-01-05T10:17:14.173Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-01-05T10:17:14.173Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: gspca: cpia1: shift-out-of-bounds in set_flicker\n\nSyzkaller reported the following issue:\nUBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27\nshift exponent 245 is too large for 32-bit type 'int'\n\nWhen the value of the variable \"sd->params.exposure.gain\" exceeds the\nnumber of bits in an integer, a shift-out-of-bounds error is reported. It\nis triggered because the variable \"currentexp\" cannot be left-shifted by\nmore than the number of bits in an integer. In order to avoid invalid\nrange during left-shift, the conditional expression is added."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/usb/gspca/cpia1.c"],"versions":[{"version":"54e8bc5d64a651e2fb8b2366637e6a7d920a4c70","lessThan":"69bba62600bd91d6b7c1e8ca181faf8ac64f7060","status":"affected","versionType":"git"},{"version":"54e8bc5d64a651e2fb8b2366637e6a7d920a4c70","lessThan":"2eee8edfff90e22980a6b22079d238c3c9d323bb","status":"affected","versionType":"git"},{"version":"54e8bc5d64a651e2fb8b2366637e6a7d920a4c70","lessThan":"8f83c85ee88225319c52680792320c02158c2a9b","status":"affected","versionType":"git"},{"version":"54e8bc5d64a651e2fb8b2366637e6a7d920a4c70","lessThan":"c6b6b8692218da73b33b310d7c1df90f115bdd9a","status":"affected","versionType":"git"},{"version":"54e8bc5d64a651e2fb8b2366637e6a7d920a4c70","lessThan":"09cd8b561aa9796903710a1046957f2b112c8f26","status":"affected","versionType":"git"},{"version":"54e8bc5d64a651e2fb8b2366637e6a7d920a4c70","lessThan":"a647f27a7426d2fe1b40da7c8fa2b81354a51177","status":"affected","versionType":"git"},{"version":"54e8bc5d64a651e2fb8b2366637e6a7d920a4c70","lessThan":"93bddd6529f187f510eec759f37d0569243c9809","status":"affected","versionType":"git"},{"version":"54e8bc5d64a651e2fb8b2366637e6a7d920a4c70","lessThan":"e2d7149b913d14352c82624e723ce1c211ca06d3","status":"affected","versionType":"git"},{"version":"54e8bc5d64a651e2fb8b2366637e6a7d920a4c70","lessThan":"099be1822d1f095433f4b08af9cc9d6308ec1953","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/usb/gspca/cpia1.c"],"versions":[{"version":"2.6.34","status":"affected"},{"version":"0","lessThan":"2.6.34","status":"unaffected","versionType":"semver"},{"version":"4.14.331","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.300","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.262","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.202","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.140","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.64","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.5.13","lessThanOrEqual":"6.5.*","status":"unaffected","versionType":"semver"},{"version":"6.6.3","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"4.14.331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"4.19.300"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"5.4.262"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"5.10.202"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"5.15.140"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"6.1.64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"6.5.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"6.6.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"6.7"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060"},{"url":"https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb"},{"url":"https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b"},{"url":"https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a"},{"url":"https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26"},{"url":"https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177"},{"url":"https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809"},{"url":"https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3"},{"url":"https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953"}],"title":"media: gspca: cpia1: shift-out-of-bounds in set_flicker","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T23:11:35.774Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-52764","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:37:06.356182Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:31.755Z"}}]}}