9.1

CVE-2026-53043

ocfs2/dlm: validate qr_numregions in dlm_match_regions()

In the Linux kernel, the following vulnerability has been resolved:

ocfs2/dlm: validate qr_numregions in dlm_match_regions()

Patch series "ocfs2/dlm: fix two bugs in dlm_match_regions()".

In dlm_match_regions(), the qr_numregions field from a DLM_QUERY_REGION
network message is used to drive loops over the qr_regions buffer without
sufficient validation.  This series fixes two issues:

- Patch 1 adds a bounds check to reject messages where qr_numregions
  exceeds O2NM_MAX_REGIONS. The o2net layer only validates message
  byte length; it does not constrain field values, so a crafted message
  can set qr_numregions up to 255 and trigger out-of-bounds reads past
  the 1024-byte qr_regions buffer.

- Patch 2 fixes an off-by-one in the local-vs-remote comparison loop,
  which uses '<=' instead of '<', reading one entry past the valid range
  even when qr_numregions is within bounds.


This patch (of 2):

The qr_numregions field from a DLM_QUERY_REGION network message is used
directly as loop bounds in dlm_match_regions() without checking against
O2NM_MAX_REGIONS.  Since qr_regions is sized for at most O2NM_MAX_REGIONS
(32) entries, a crafted message with qr_numregions > 32 causes
out-of-bounds reads past the qr_regions buffer.

Add a bounds check for qr_numregions before entering the loops.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version ea2034416b54700e30371f2ad6517cbb94674083
Version < d3d5efade0c79dac1cac98c0cb1115432f804439
Status affected
Version ea2034416b54700e30371f2ad6517cbb94674083
Version < f69551139caf6d24242a0ad049ee46b264e3aee0
Status affected
Version ea2034416b54700e30371f2ad6517cbb94674083
Version < 1f8b91275912cd428289c1fb424bebd7ff5302bd
Status affected
Version ea2034416b54700e30371f2ad6517cbb94674083
Version < f37de46149db49abd2b24f4f0c5a88cf4dfb5f47
Status affected
Version ea2034416b54700e30371f2ad6517cbb94674083
Version < 6c6e8fc3c007319981647b410c29bb5775048551
Status affected
Version ea2034416b54700e30371f2ad6517cbb94674083
Version < 3f474c33ebc2e2ca3fcb587d7de4375348f13373
Status affected
Version ea2034416b54700e30371f2ad6517cbb94674083
Version < 3c2d0de23ae4be22b6c18e8f0915be74d3b5fb21
Status affected
Version ea2034416b54700e30371f2ad6517cbb94674083
Version < 7ab3fbb01bc6d79091bc375e5235d360cd9b78be
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 2.6.37
Status affected
Version 0
Version < 2.6.37
Status unaffected
Version <= 5.10.*
Version 5.10.258
Status unaffected
Version <= 5.15.*
Version 5.15.209
Status unaffected
Version <= 6.1.*
Version 6.1.175
Status unaffected
Version <= 6.6.*
Version 6.6.141
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.403
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/d3d5efade0c79dac1cac98c0cb1115432f804439
https://git.kernel.org/stable/c/f69551139caf6d24242a0ad049ee46b264e3aee0
https://git.kernel.org/stable/c/1f8b91275912cd428289c1fb424bebd7ff5302bd
https://git.kernel.org/stable/c/f37de46149db49abd2b24f4f0c5a88cf4dfb5f47
https://git.kernel.org/stable/c/6c6e8fc3c007319981647b410c29bb5775048551
https://git.kernel.org/stable/c/3f474c33ebc2e2ca3fcb587d7de4375348f13373
https://git.kernel.org/stable/c/3c2d0de23ae4be22b6c18e8f0915be74d3b5fb21
https://git.kernel.org/stable/c/7ab3fbb01bc6d79091bc375e5235d360cd9b78be