CVE-2023-53521

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()

A fix for:

BUG: KASAN: slab-out-of-bounds in ses_intf_remove+0x23f/0x270 [ses] Read of size 8 at addr ffff88a10d32e5d8 by task rmmod/12013

When edev->components is zero, accessing edev->component[0] members is wrong.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < 76f7050537476ac062ec23a544fbca8270f2d08baffected
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < 87e47be38d205df338c52ead43f23b2864567423affected
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < 40af9a6deed723485e05b7d3255a28750692e8dbaffected
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < 8f9542cad6c27297c8391de3a659f0b7948495d0affected
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < 0595cdb587726b4f0fa780eb7462e3679d141e82affected
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < 82143faf01dda831b89eccef60c39ef8575ab08aaffected
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < 2fb1fa8425cce2dc4dce298275d22d7077694b73affected
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < 578797f0c8cbc2e3ec5fc0dab87087b4c7073686affected
LinuxLinux2.6.25affected
LinuxLinux0 < 2.6.25unaffected
LinuxLinux4.14.308 <= 4.14.*unaffected
LinuxLinux4.19.276 <= 4.19.*unaffected
LinuxLinux5.4.235 <= 5.4.*unaffected
LinuxLinux5.10.173 <= 5.10.*unaffected
LinuxLinux5.15.99 <= 5.15.*unaffected
LinuxLinux6.1.16 <= 6.1.*unaffected
LinuxLinux6.2.3 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References