CVE-2023-52429Improper Check for Unusual or Exceptional Conditions in Kernel

CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-789Memory Allocation with Excessive Size Value27 documents9 sources
Severity
5.5MEDIUMNVD
OSV8.1OSV7.5OSV7.0OSV4.7
EPSS
0.0%
top 93.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelFedoraproject Fedora
Timeline
PublishedFeb 12
Latest updateApr 19

Description

dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel5.11.05.15.149+4
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-176.196+3

Also affects: Fedora 38, 39

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

12
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2024-04-19
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities2024-04-19
OSV
linux-xilinx-zynqmp vulnerabilities2024-04-17
OSV
linux-aws-6.5, linux-raspi vulnerabilities2024-04-16
OSV
linux-iot vulnerabilities2024-04-16

📋Vendor Advisories

13
Ubuntu
Linux kernel vulnerabilities2024-04-19
Ubuntu
Linux kernel vulnerabilities2024-04-19
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities2024-04-17
Ubuntu
Linux kernel vulnerabilities2024-04-16
Ubuntu
Linux kernel (IoT) vulnerabilities2024-04-16

💬Community

1
Bugzilla
CVE-2023-52429 kernel: missing check for struct in dm-table.c can cause a crash2024-02-12
CVE-2023-52429 — Linux Kernel vulnerability | cvebase