CVE-2023-53320
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()
The function mpi3mr_get_all_tgt_info() has four issues:
It calculates valid entry length in alltgt_info assuming the header part of the struct mpi3mr_device_map_info would equal to sizeof(u32). The correct size is sizeof(u64).
When it calculates the valid entry length kern_entrylen, it excludes one entry by subtracting 1 from num_devices.
It copies num_device by calling memcpy(). Substitution is enough.
It does not specify the calculated length to sg_copy_from_buffer(). Instead, it specifies the payload length which is larger than the alltgt_info size. It causes "BUG: KASAN: slab-out-of-bounds".
Fix the issues by using the correct header size, removing the subtraction from num_devices, replacing the memcpy() with substitution and specifying the correct length to sg_copy_from_buffer().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | f5e6d5a343761081317c89d23489c93fbafc69ff < 8ba997b22f2cd5d29aad8c39f6201f7608ed0c04 | affected |
| Linux | Linux | f5e6d5a343761081317c89d23489c93fbafc69ff < 2f3d3fa5b8ed7d3b147478f42b00b468eeb1ecd2 | affected |
| Linux | Linux | f5e6d5a343761081317c89d23489c93fbafc69ff < fb428a2005fc1260d18b989cc5199f281617f44d | affected |
| Linux | Linux | 5.19 | affected |
| Linux | Linux | 0 < 5.19 | unaffected |
| Linux | Linux | 6.1.16 <= 6.1.* | unaffected |
| Linux | Linux | 6.2.3 <= 6.2.* | unaffected |
| Linux | Linux | 6.3 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://git.kernel.org/stable/c/8ba997b22f2cd5d29aad8c39f6201f7608ed0c04
- https://git.kernel.org/stable/c/2f3d3fa5b8ed7d3b147478f42b00b468eeb1ecd2
- https://git.kernel.org/stable/c/fb428a2005fc1260d18b989cc5199f281617f44d
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.