CVE-2023-53320 - scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt

CVE ID : CVE-2023-53320
Published : Sept. 16, 2025, 5:15 p.m. | 32 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info() The function mpi3mr_get_all_tgt_info() has four issues: 1) It calculates valid entry length in alltgt_info assuming the header part of the struct mpi3mr_device_map_info would equal to sizeof(u32). The correct size is sizeof(u64). 2) When it calculates the valid entry length kern_entrylen, it excludes one entry by subtracting 1 from num_devices. 3) It copies num_device by calling memcpy(). Substitution is enough. 4) It does not specify the calculated length to sg_copy_from_buffer(). Instead, it specifies the payload length which is larger than the alltgt_info size. It causes "BUG: KASAN: slab-out-of-bounds". Fix the issues by using the correct header size, removing the subtraction from num_devices, replacing the memcpy() with substitution and specifying the correct length to sg_copy_from_buffer().
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

from Latest Vulnerabilities https://ift.tt/tR0nEhN
via IFTTT

CVE-2023-53320 - scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()

Post a Comment

E-commerce V 1.0 | customer image - /customer_register.php | Remote Code Execution| Found By Maloy Roy Orko

Categories

Main Tags

Contact Form

Latest Posts

Popular Posts

E-commerce V 1.0 | customer image - /customer_register.php | Remote Code Execution| Found By Maloy Roy Orko

(CVE-2024-13205,CVE-2024-13204)-SQL-Injection-To-XSS-In-Ecommerce-PHP-kurniaramadhan-1.0

CVE-2025-0842 | Library-Card-System | SQL Injection Admin Login Bypass In admin.php | Found By Maloy Roy Orko

Contact Form