CVE-2023-53783

Summary

In the Linux kernel, the following vulnerability has been resolved:

blk-iocost: fix divide by 0 error in calc_lcoefs()

echo max of u64 to cost.model can cause divide by 0 error.

echo 8:0 rbps=18446744073709551615 > /sys/fs/cgroup/io.cost.model

divide error: 0000 [#1] PREEMPT SMP RIP: 0010:calc_lcoefs+0x4c/0xc0 Call Trace: <TASK> ioc_refresh_params+0x2b3/0x4f0 ioc_cost_model_write+0x3cb/0x4c0 ? _copy_from_iter+0x6d/0x6c0 ? kernfs_fop_write_iter+0xfc/0x270 cgroup_file_write+0xa0/0x200 kernfs_fop_write_iter+0x17d/0x270 vfs_write+0x414/0x620 ksys_write+0x73/0x160 __x64_sys_write+0x1e/0x30 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd

calc_lcoefs() uses the input value of cost.model in DIV_ROUND_UP_ULL, overflow would happen if bps plus IOC_PAGE_SIZE is greater than ULLONG_MAX, it can cause divide by 0 error.

Fix the problem by setting basecost

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7caa47151ab2e644dd221f741ec7578d9532c9a3 < 9e8bf9f95f7a299fa9ea45b678d001806ad5e12caffected
LinuxLinux7caa47151ab2e644dd221f741ec7578d9532c9a3 < 6e291810fe83a384700eb24a1f714966391ed562affected
LinuxLinux7caa47151ab2e644dd221f741ec7578d9532c9a3 < 3538ade9d8c2ba41088e395de916f2599fadba8faffected
LinuxLinux7caa47151ab2e644dd221f741ec7578d9532c9a3 < bf8eb1fd6110871e6232e8e7efe399276ef7e6f6affected
LinuxLinux7caa47151ab2e644dd221f741ec7578d9532c9a3 < b96d7b4a9745fbd0c8384608ceb1f50415e862faaffected
LinuxLinux7caa47151ab2e644dd221f741ec7578d9532c9a3 < 984af1e66b4126cf145153661cc24c213e2ec231affected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.4.235 <= 5.4.*unaffected
LinuxLinux5.10.173 <= 5.10.*unaffected
LinuxLinux5.15.99 <= 5.15.*unaffected
LinuxLinux6.1.16 <= 6.1.*unaffected
LinuxLinux6.2.3 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References