CVE-2023-53376

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-53376
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53376.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53376
Downstream
Published
2025-09-18T14:15:40Z
Modified
2025-09-19T16:00:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Use number of bits to manage bitmap sizes

To allocate bitmaps, the mpi3mr driver calculates sizes of bitmaps using byte as unit. However, bitmap helper functions assume that bitmaps are allocated using unsigned long as unit. This gap causes memory access beyond the bitmap sizes and results in "BUG: KASAN: slab-out-of-bounds". The BUG was observed at firmware download to eHBA-9600. Call trace indicated that the out-of-bounds access happened in findfirstzerobit() called from mpi3mrsendeventack() for miroc->evtackcmdsbitmap.

To fix the BUG, do not use bytes to manage bitmap sizes. Instead, use number of bits, and call bitmap helper functions which take number of bits as arguments. For memory allocation, call bitmapzalloc() instead of kzalloc() and krealloc(). For memory free, call bitmapfree() instead of kfree(). For zero clear, call bitmap_clear() instead of memset().

Remove three fields for bitmap byte sizes in struct scmdpriv which are no longer required. Replace the field devhandlebitmapsz with devhandlebitmapbits to keep number of bits of removependbitmap across resize.

References

Affected packages