CVE-2023-7324

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses

Sanitize possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < af5114d824f3511a69d68beff49ca9a7c32d44e0affected
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < a156a262c543fa5ff30bcb2fc6ad1a95cb4ab57aaffected
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < 8e454aba72805241239caf8ba9b8e5a6be772b96affected
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < 2ecd344173a5663d523433819da0484cb268b186affected
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < 384aa697d8f2a28b5e962f5292cdfd2e528b5df7affected
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < 27067c672980b497cc34048b69b12820851ac6b9affected
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < b91ef85a32fdba45fcbad87dd526d73d3b6d857daffected
LinuxLinux9927c68864e9c39cc317b4f559309ba29e642168 < db95d4df71cb55506425b6e4a5f8d68e3a765b63affected
LinuxLinux2.6.25affected
LinuxLinux0 < 2.6.25unaffected
LinuxLinux4.14.308 <= 4.14.*unaffected
LinuxLinux4.19.276 <= 4.19.*unaffected
LinuxLinux5.4.235 <= 5.4.*unaffected
LinuxLinux5.10.173 <= 5.10.*unaffected
LinuxLinux5.15.99 <= 5.15.*unaffected
LinuxLinux6.1.16 <= 6.1.*unaffected
LinuxLinux6.2.3 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References