{"id":"CVE-2023-52764","summary":"media: gspca: cpia1: shift-out-of-bounds in set_flicker","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: gspca: cpia1: shift-out-of-bounds in set_flicker\n\nSyzkaller reported the following issue:\nUBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27\nshift exponent 245 is too large for 32-bit type 'int'\n\nWhen the value of the variable \"sd-\u003eparams.exposure.gain\" exceeds the\nnumber of bits in an integer, a shift-out-of-bounds error is reported. It\nis triggered because the variable \"currentexp\" cannot be left-shifted by\nmore than the number of bits in an integer. In order to avoid invalid\nrange during left-shift, the conditional expression is added.","modified":"2026-04-02T09:43:18.645710Z","published":"2024-05-21T15:30:49.032Z","related":["ALSA-2024:5102","SUSE-SU-2024:2008-1","SUSE-SU-2024:2011-1","SUSE-SU-2024:2019-1","SUSE-SU-2024:2189-1","SUSE-SU-2024:2190-1","SUSE-SU-2024:2360-1","SUSE-SU-2024:2381-1","SUSE-SU-2024:2561-1","SUSE-SU-2024:2571-1","SUSE-SU-2024:2896-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52764.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953"},{"type":"WEB","url":"https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52764.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52764"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"54e8bc5d64a651e2fb8b2366637e6a7d920a4c70"},{"fixed":"69bba62600bd91d6b7c1e8ca181faf8ac64f7060"},{"fixed":"2eee8edfff90e22980a6b22079d238c3c9d323bb"},{"fixed":"8f83c85ee88225319c52680792320c02158c2a9b"},{"fixed":"c6b6b8692218da73b33b310d7c1df90f115bdd9a"},{"fixed":"09cd8b561aa9796903710a1046957f2b112c8f26"},{"fixed":"a647f27a7426d2fe1b40da7c8fa2b81354a51177"},{"fixed":"93bddd6529f187f510eec759f37d0569243c9809"},{"fixed":"e2d7149b913d14352c82624e723ce1c211ca06d3"},{"fixed":"099be1822d1f095433f4b08af9cc9d6308ec1953"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52764.json"}}],"schema_version":"1.7.5"}