CVE-2023-52762: virtio-blk: fix implicit overflow on virtio_max_dma_size
In the Linux kernel, the following vulnerability has been resolved:
virtio-blk: fix implicit overflow on virtiomaxdmasize
The following codes have an implicit conversion from sizet to u32: (u32)maxsize = (sizet)virtiomaxdmasize(vdev);
This may lead overflow, Ex (sizet)4G -> (u32)0. Once virtiomaxdmasize() has a larger size than U32MAX, use U32MAX instead.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
virtio-blk: fix implicit overflow on virtiomaxdmasize
The Linux kernel CVE team has assigned CVE-2023-52762 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052147-CVE-2023-52762-fe90@gregkh/T
— Red Hat
Linux Kernel is vulnerable to a denial of service, caused by a stack-based buffer overflow on virtiomaxdmasize. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2023-52762?
CVE-2023-52762 is considered a high-severity vulnerability due to the potential for overflow issues that may affect system stability.
How do I fix CVE-2023-52762?
To address CVE-2023-52762, upgrade to kernel versions 5.15.140, 6.1.64, 6.5.13, 6.6.3, or 6.7 as specified.
What systems are affected by CVE-2023-52762?
CVE-2023-52762 affects specific versions of the Linux kernel, particularly those used in Red Hat systems and IBM Security Verify Governance products.
What does CVE-2023-52762 exploit?
CVE-2023-52762 exploits an implicit conversion issue that can lead to size overflow during virtio block device operations.
Is there a known workaround for CVE-2023-52762?
Currently, there are no known workarounds for CVE-2023-52762 and applying the updates is the recommended solution.