CVE-2023-53320

EUVD-2023-59941
In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()

The function mpi3mr_get_all_tgt_info() has four issues:

1) It calculates valid entry length in alltgt_info assuming the header part
   of the struct mpi3mr_device_map_info would equal to sizeof(u32).  The
   correct size is sizeof(u64).

2) When it calculates the valid entry length kern_entrylen, it excludes one
   entry by subtracting 1 from num_devices.

3) It copies num_device by calling memcpy(). Substitution is enough.

4) It does not specify the calculated length to sg_copy_from_buffer().
   Instead, it specifies the payload length which is larger than the
   alltgt_info size. It causes "BUG: KASAN: slab-out-of-bounds".

Fix the issues by using the correct header size, removing the subtraction
from num_devices, replacing the memcpy() with substitution and specifying
the correct length to sg_copy_from_buffer().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.19 ≤
𝑥
< 6.1.16
linuxlinux_kernel
6.2 ≤
𝑥
< 6.2.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.237-1
fixed
forky
6.16.3-1
fixed
sid
6.16.7-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cluster-md-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
dlm-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
gfs2-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-64kb
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-default-base
suse enterprise server 15 SP5
5.14.21-150500.55.124.1.150500.6.59.1
fixed
kernel-docs
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-macros
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-obs-build
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-source
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-syms
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-zfcpdump
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
ocfs2-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
reiserfs-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
bpftool
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:7.2.0-362.8.1.el9_3
fixed
kernel
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-debug
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-debug-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-debug-devel
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-debug-devel-matched
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-debug-modules
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-debug-modules-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-debug-modules-extra
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-devel
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-devel-matched
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-modules
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-modules-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-modules-extra
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-abi-stablelists
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-core
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug-core
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug-devel
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug-devel-matched
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug-modules
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug-modules-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug-modules-extra
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug-uki-virt
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-devel
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-devel-matched
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-doc
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-modules
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-modules-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-modules-extra
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-debug
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-debug-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-debug-devel
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-debug-kvm
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-debug-modules
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-debug-modules-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-debug-modules-extra
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-devel
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-kvm
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-modules
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-modules-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-modules-extra
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-tools
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-tools-libs
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-tools-libs-devel
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-uki-virt
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-zfcpdump
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-zfcpdump-core
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-zfcpdump-devel
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-zfcpdump-devel-matched
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-zfcpdump-modules
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-zfcpdump-modules-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-zfcpdump-modules-extra
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
libperf
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
perf
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
python3-perf
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
rtla
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
rv
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/2f3d3fa5b8ed7d3b147478f42b00b468eeb1ecd2
https://git.kernel.org/stable/c/8ba997b22f2cd5d29aad8c39f6201f7608ed0c04
https://git.kernel.org/stable/c/fb428a2005fc1260d18b989cc5199f281617f44d