CVE-2023-52685

2024-05-1715:15:19

Debian Security Bug Tracker

security-tracker.debian.org

linux kernel

pstore

vulnerability

fixed

64-bit

overflow

svace

analysis

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

In the Linux kernel, the following vulnerability has been resolved: pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() In persistent_ram_init_ecc(), on 64-bit arches DIV_ROUND_UP() will return 64-bit value since persistent_ram_zone::buffer_size has type size_t which is derived from the 64-bit unsigned long, while the ecc_blocks variable this value gets assigned to has (always 32-bit) int type. Even if that value fits into int type, an overflow is still possible when calculating the size_t typed ecc_total variable further below since there’s no cast to any 64-bit type before multiplication. Declaring the ecc_blocks variable as size_t should fix this mess… Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 6.1.76-1linux_6.1.76-1_all.deb
Debian11alllinux< 5.10.209-1linux_5.10.209-1_all.deb
Debian10alllinux<= 4.19.249-2linux_4.19.249-2_all.deb
Debian999alllinux< 6.6.15-1linux_6.6.15-1_all.deb
Debian13alllinux< 6.6.15-1linux_6.6.15-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 6.1.76-1	linux_6.1.76-1_all.deb
Debian	11	all	linux	< 5.10.209-1	linux_5.10.209-1_all.deb
Debian	10	all	linux	<= 4.19.249-2	linux_4.19.249-2_all.deb
Debian	999	all	linux	< 6.6.15-1	linux_6.6.15-1_all.deb
Debian	13	all	linux	< 6.6.15-1	linux_6.6.15-1_all.deb