fkie_cve-2023-53376
Vulnerability from fkie_nvd
Published
2025-09-18 14:15
Modified
2025-09-19 16:00
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpi3mr: Use number of bits to manage bitmap sizes
To allocate bitmaps, the mpi3mr driver calculates sizes of bitmaps using
byte as unit. However, bitmap helper functions assume that bitmaps are
allocated using unsigned long as unit. This gap causes memory access beyond
the bitmap sizes and results in "BUG: KASAN: slab-out-of-bounds". The BUG
was observed at firmware download to eHBA-9600. Call trace indicated that
the out-of-bounds access happened in find_first_zero_bit() called from
mpi3mr_send_event_ack() for miroc->evtack_cmds_bitmap.
To fix the BUG, do not use bytes to manage bitmap sizes. Instead, use
number of bits, and call bitmap helper functions which take number of bits
as arguments. For memory allocation, call bitmap_zalloc() instead of
kzalloc() and krealloc(). For memory free, call bitmap_free() instead of
kfree(). For zero clear, call bitmap_clear() instead of memset().
Remove three fields for bitmap byte sizes in struct scmd_priv which are no
longer required. Replace the field dev_handle_bitmap_sz with
dev_handle_bitmap_bits to keep number of bits of removepend_bitmap across
resize.
References
Impacted products
Vendor | Product | Version |
---|
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Use number of bits to manage bitmap sizes\n\nTo allocate bitmaps, the mpi3mr driver calculates sizes of bitmaps using\nbyte as unit. However, bitmap helper functions assume that bitmaps are\nallocated using unsigned long as unit. This gap causes memory access beyond\nthe bitmap sizes and results in \"BUG: KASAN: slab-out-of-bounds\". The BUG\nwas observed at firmware download to eHBA-9600. Call trace indicated that\nthe out-of-bounds access happened in find_first_zero_bit() called from\nmpi3mr_send_event_ack() for miroc-\u003eevtack_cmds_bitmap.\n\nTo fix the BUG, do not use bytes to manage bitmap sizes. Instead, use\nnumber of bits, and call bitmap helper functions which take number of bits\nas arguments. For memory allocation, call bitmap_zalloc() instead of\nkzalloc() and krealloc(). For memory free, call bitmap_free() instead of\nkfree(). For zero clear, call bitmap_clear() instead of memset().\n\nRemove three fields for bitmap byte sizes in struct scmd_priv which are no\nlonger required. Replace the field dev_handle_bitmap_sz with\ndev_handle_bitmap_bits to keep number of bits of removepend_bitmap across\nresize." } ], "id": "CVE-2023-53376", "lastModified": "2025-09-19T16:00:27.847", "metrics": {}, "published": "2025-09-18T14:15:40.473", "references": [ { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/339e61565f81a6534afdc18fd854b2e2628bf5db" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6a675a6d57d31da43d8da576465c1cd5d5b0bd3d" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8ac713d2e9845e9234bb12ae5903040685d5aff9" } ], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…