CVE-2023-54168

Summary

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()

The ucmd->log_sq_bb_count variable is controlled by the user so this shift can wrap. Fix it by using check_shl_overflow() in the same way that it was done in commit 515f60004ed9 ("RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size()").

Affected Software

VendorProductVersion RangeStatus
LinuxLinux839041329fd3410e07d614f81e75bb43367d8f89 < 3d5ae269c4bd392ec1edbfb3bd031b8f42d7feffaffected
LinuxLinux839041329fd3410e07d614f81e75bb43367d8f89 < 8feca625900777e02a449e53fe4121339934c38aaffected
LinuxLinux839041329fd3410e07d614f81e75bb43367d8f89 < 9ad3221c86cc9c6305594b742d4a72dfbd4ea579affected
LinuxLinux839041329fd3410e07d614f81e75bb43367d8f89 < 9911be2155720221a4f1f722b22bd0e2388d8bcfaffected
LinuxLinux839041329fd3410e07d614f81e75bb43367d8f89 < 3ce0df3493277b9df275cb8455d9c677ae701230affected
LinuxLinux839041329fd3410e07d614f81e75bb43367d8f89 < 196a6df08b08699ace4ce70e1efcdd9081b6565faffected
LinuxLinux839041329fd3410e07d614f81e75bb43367d8f89 < a183905869e692b6b7805b7472235585eff8e429affected
LinuxLinux839041329fd3410e07d614f81e75bb43367d8f89 < d50b3c73f1ac20dabc53dc6e9d64ce9c79a331ebaffected
LinuxLinux2.6.24affected
LinuxLinux0 < 2.6.24unaffected
LinuxLinux4.19.283 <= 4.19.*unaffected
LinuxLinux5.4.243 <= 5.4.*unaffected
LinuxLinux5.10.180 <= 5.10.*unaffected
LinuxLinux5.15.111 <= 5.15.*unaffected
LinuxLinux6.1.28 <= 6.1.*unaffected
LinuxLinux6.2.15 <= 6.2.*unaffected
LinuxLinux6.3.2 <= 6.3.*unaffected
LinuxLinux6.4 <= *unaffected

Weaknesses

References