CVE-2023-53320

EPSS 0.02%
Veröffentlicht 16.09.2025 16:11:56
Zuletzt bearbeitet 17.09.2025 14:18:55
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()

The function mpi3mr_get_all_tgt_info() has four issues:

1) It calculates valid entry length in alltgt_info assuming the header part
   of the struct mpi3mr_device_map_info would equal to sizeof(u32).  The
   correct size is sizeof(u64).

2) When it calculates the valid entry length kern_entrylen, it excludes one
   entry by subtracting 1 from num_devices.

3) It copies num_device by calling memcpy(). Substitution is enough.

4) It does not specify the calculated length to sg_copy_from_buffer().
   Instead, it specifies the payload length which is larger than the
   alltgt_info size. It causes "BUG: KASAN: slab-out-of-bounds".

Fix the issues by using the correct header size, removing the subtraction
from num_devices, replacing the memcpy() with substitution and specifying
the correct length to sg_copy_from_buffer().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 8ba997b22f2cd5d29aad8c39f6201f7608ed0c04

Version f5e6d5a343761081317c89d23489c93fbafc69ff

Status affected

Version < 2f3d3fa5b8ed7d3b147478f42b00b468eeb1ecd2

Version f5e6d5a343761081317c89d23489c93fbafc69ff

Status affected

Version < fb428a2005fc1260d18b989cc5199f281617f44d

Version f5e6d5a343761081317c89d23489c93fbafc69ff

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.19

Status affected

Version < 5.19

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.16

Status unaffected

Version <= 6.2.*

Version 6.2.3

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.043

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/8ba997b22f2cd5d29aad8c39f6201f7608ed0c04

https://git.kernel.org/stable/c/2f3d3fa5b8ed7d3b147478f42b00b468eeb1ecd2

https://git.kernel.org/stable/c/fb428a2005fc1260d18b989cc5199f281617f44d

https://nvd.nist.gov/vuln/detail/CVE-2023-53320

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53320

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53320

EUVD