CVE-2023-54234
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization
Commit c1af985d27da ("scsi: mpi3mr: Add Event acknowledgment logic") introduced an array mrioc->evtack_cmds but initialization of the array elements was missed. They are just zero cleared. The function mpi3mr_complete_evt_ack() refers host_tag field of the elements. Due to the zero value of the host_tag field, the function calls clear_bit() for mrico->evtack_cmds_bitmap with wrong bit index. This results in memory access to invalid address and "BUG: KASAN: use-after-free". This BUG was observed at eHBA-9600 firmware update to version 8.3.1.0. To fix it, add the missing initialization of mrioc->evtack_cmds.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | c1af985d27da2d530c22604644e9025810f57d7c < 4e0dfdb48a824deac3dfbc67fb856ef2aee13529 | affected |
| Linux | Linux | c1af985d27da2d530c22604644e9025810f57d7c < 67989091e11a974003ddf2ec39bc613df8eadd83 | affected |
| Linux | Linux | c1af985d27da2d530c22604644e9025810f57d7c < e39ea831ebad4ab15c4748cb62a397a8abcca36e | affected |
| Linux | Linux | 5.17 | affected |
| Linux | Linux | 0 < 5.17 | unaffected |
| Linux | Linux | 6.1.16 <= 6.1.* | unaffected |
| Linux | Linux | 6.2.3 <= 6.2.* | unaffected |
| Linux | Linux | 6.3 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/4e0dfdb48a824deac3dfbc67fb856ef2aee13529
- https://git.kernel.org/stable/c/67989091e11a974003ddf2ec39bc613df8eadd83
- https://git.kernel.org/stable/c/e39ea831ebad4ab15c4748cb62a397a8abcca36e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.