| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120943-CVE-2023-53803-0ff9@gregkh> Date: Tue, 9 Dec 2025 09:02:24 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53803: scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() A fix for: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x949/0xe30 [ses] Read of size 1 at addr ffff88a1b043a451 by task systemd-udevd/3271 Checking after (and before in next loop) addl_desc_ptr[1] is sufficient, we expect the size to be sanitized before first access to addl_desc_ptr[1]. Make sure we don't walk beyond end of page. The Linux kernel CVE team has assigned CVE-2023-53803 to this issue. Affected and fixed versions =========================== Fixed in 4.14.308 with commit da1a955c48a16e16e925d6544793914e52a6fa51 Fixed in 4.19.276 with commit 9e5c7d52085b8c84bc82a261580f0eb170039325 Fixed in 5.4.235 with commit 467afb1dd630d8c6d172bd6cacc125199b5f4f2d Fixed in 5.10.173 with commit e4dd25da784b2e07dbfbf04509afa4c5a1375227 Fixed in 5.15.99 with commit 2b28a7d261cb309912596d6a2d383ca370483527 Fixed in 6.1.16 with commit 0dfe68394cbe1d4fe579fb325ecc813c50528c5a Fixed in 6.2.3 with commit 799e8dd2022d2e13f0c5c1906b40ceca07a23349 Fixed in 6.3 with commit 9b4f5028e493cb353a5c8f5c45073eeea0303abd Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53803 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/scsi/ses.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/da1a955c48a16e16e925d6544793914e52a6fa51 https://git.kernel.org/stable/c/9e5c7d52085b8c84bc82a261580f0eb170039325 https://git.kernel.org/stable/c/467afb1dd630d8c6d172bd6cacc125199b5f4f2d https://git.kernel.org/stable/c/e4dd25da784b2e07dbfbf04509afa4c5a1375227 https://git.kernel.org/stable/c/2b28a7d261cb309912596d6a2d383ca370483527 https://git.kernel.org/stable/c/0dfe68394cbe1d4fe579fb325ecc813c50528c5a https://git.kernel.org/stable/c/799e8dd2022d2e13f0c5c1906b40ceca07a23349 https://git.kernel.org/stable/c/9b4f5028e493cb353a5c8f5c45073eeea0303abd
Powered by blists - more mailing lists