CVE-2023-52980

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52980
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52980.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52980
Related
Published
2025-03-27T17:15:45Z
Modified
2025-03-28T18:11:49Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

block: ublk: extending queue_size to fix overflow

When validating drafted SPDK ublk target, in a case that assigning large queue depth to multiqueue ublk device, ublk target would run into a weird incorrect state. During rounds of review and debug, an overflow bug was found in ublk driver.

In ublk_cmd.h, UBLK_MAX_QUEUE_DEPTH is 4096 which means each ublk queue depth can be set as large as 4096. But when setting qd for a ublk device, sizeof(struct ublk_queue) + depth * sizeof(struct ublk_io) will be larger than 65535 if qd is larger than 2728. Then queue_size is overflowed, and ublk_get_queue() references a wrong pointer position. The wrong content of ublk_queue elements will lead to out-of-bounds memory access.

Extend queue_size in ublk_device as "unsigned int".
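
The truncation described above, worked through as an added example (not code from the kernel patch or from this record). The two size constants are assumptions picked to agree with the 2728 threshold on the page, the 16-bit field is inferred from the 65535 limit, and the `q_id * queue_size` lookup is an assumed model of how a per-queue pointer is derived.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes (not stated on the page), consistent with its threshold:
 * the sum first exceeds 65535 at depth 2729. */
#define QUEUE_HDR_SIZE 56u          /* stand-in for sizeof(struct ublk_queue) */
#define IO_SIZE        24u          /* stand-in for sizeof(struct ublk_io) */
#define UBLK_MAX_QUEUE_DEPTH 4096u  /* value given on the page */

/* Pre-fix behaviour: per-queue size kept in a 16-bit field, so it wraps. */
static uint16_t queue_size_u16(unsigned int depth)
{
    return (uint16_t)(QUEUE_HDR_SIZE + depth * IO_SIZE);
}

/* Post-fix behaviour: per-queue size kept as unsigned int. */
static unsigned int queue_size_uint(unsigned int depth)
{
    return QUEUE_HDR_SIZE + depth * IO_SIZE;
}

/* Byte offset of queue q_id in the queue array (assumed lookup model). */
static unsigned long queue_offset(unsigned int q_id, unsigned int queue_size)
{
    return (unsigned long)q_id * queue_size;
}

/* Smallest depth at which the 16-bit size stops matching the real size. */
static unsigned int first_truncating_depth(void)
{
    for (unsigned int d = 1; d <= UBLK_MAX_QUEUE_DEPTH; d++)
        if (queue_size_u16(d) != queue_size_uint(d))
            return d;
    return 0;
}

int main(void)
{
    unsigned int depths[] = { 128, 2728, 2729, UBLK_MAX_QUEUE_DEPTH };
    for (size_t i = 0; i < sizeof(depths) / sizeof(depths[0]); i++) {
        unsigned int d = depths[i];
        printf("depth %4u: size %6u (u16 %5u), queue 1 at %6lu (u16 %5lu)\n",
               d, queue_size_uint(d), (unsigned)queue_size_u16(d),
               queue_offset(1, queue_size_uint(d)),
               queue_offset(1, queue_size_u16(d)));
    }
    printf("first truncating depth: %u\n", first_truncating_depth());
    return 0;
}
```

With the wrapped size, the computed start of queue 1 falls inside queue 0's region, which is why the fields read through that pointer are wrong.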

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}