416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2023-52762

HistoryMay 21, 2024 - 4:15 p.m.

CVE-2023-52762

2024-05-2116:15:15

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

virtio-blk

implicit overflow

vulnerability

fix

size_t

u32

cve-2023-52762

AI Score

6.8

Confidence

Low

EPSS

Percentile

15.5%

In the Linux kernel, the following vulnerability has been resolved:

virtio-blk: fix implicit overflow on virtio_max_dma_size

The following codes have an implicit conversion from size_t to u32:
(u32)max_size = (size_t)virtio_max_dma_size(vdev);

This may lead overflow, Ex (size_t)4G -> (u32)0. Once
virtio_max_dma_size() has a larger size than U32_MAX, use U32_MAX
instead.

References

git.kernel.org/stable/c/017278f141141367f7d14b203e930b45b6ffffb9

git.kernel.org/stable/c/472bd4787406bef2e8b41ee4c74d960a06a49a48

git.kernel.org/stable/c/72775cad7f572bb2501f9ea609e1d20e68f0b38b

git.kernel.org/stable/c/d667fe301dcbcb12d1d6494fc4b8abee2cb75d90

git.kernel.org/stable/c/fafb51a67fb883eb2dde352539df939a251851be