CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-52980

In the Linux kernel, the following vulnerability has been resolved: block: ublk: extending queue_size to fix overflow When validating drafted SPDK ublk target, in a case that assigning large queue depth to multiqueue ublk device, ublk target would run into a weird incorrect state. During rounds of review and debug, An overflow bug was found in ublk driver. In ublk_cmd.h, UBLK_MAX_QUEUE_DEPTH is 4096 which means each ublk queue depth can be set as large as 4096. But when setting qd for a ublk device, sizeof(struct ublk_queue) + depth * sizeof(struct ublk_io) will be larger than 65535 if qd is larger than 2728. Then queue_size is overflowed, and ublk_get_queue() references a wrong pointer position. The wrong content of ublk_queue elements will lead to out-of-bounds memory access. Extend queue_size in ublk_device as "unsigned int".

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 6.5%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2023-52980

Linux » Linux Kernel » Version: 6.0

cpe:2.3:o:linux:linux_kernel:6.0
Linux » Linux Kernel » Version: 6.0.1

cpe:2.3:o:linux:linux_kernel:6.0.1
Linux » Linux Kernel » Version: 6.0.10

cpe:2.3:o:linux:linux_kernel:6.0.10
Linux » Linux Kernel » Version: 6.0.11

cpe:2.3:o:linux:linux_kernel:6.0.11
Linux » Linux Kernel » Version: 6.0.12

cpe:2.3:o:linux:linux_kernel:6.0.12
Linux » Linux Kernel » Version: 6.0.13

cpe:2.3:o:linux:linux_kernel:6.0.13
Linux » Linux Kernel » Version: 6.0.14

cpe:2.3:o:linux:linux_kernel:6.0.14
Linux » Linux Kernel » Version: 6.0.15

cpe:2.3:o:linux:linux_kernel:6.0.15
Linux » Linux Kernel » Version: 6.0.16

cpe:2.3:o:linux:linux_kernel:6.0.16
Linux » Linux Kernel » Version: 6.0.17

cpe:2.3:o:linux:linux_kernel:6.0.17
Linux » Linux Kernel » Version: 6.0.18

cpe:2.3:o:linux:linux_kernel:6.0.18
Linux » Linux Kernel » Version: 6.0.19

cpe:2.3:o:linux:linux_kernel:6.0.19
Linux » Linux Kernel » Version: 6.0.2

cpe:2.3:o:linux:linux_kernel:6.0.2
Linux » Linux Kernel » Version: 6.0.3

cpe:2.3:o:linux:linux_kernel:6.0.3
Linux » Linux Kernel » Version: 6.0.4

cpe:2.3:o:linux:linux_kernel:6.0.4
Linux » Linux Kernel » Version: 6.0.5

cpe:2.3:o:linux:linux_kernel:6.0.5
Linux » Linux Kernel » Version: 6.0.6

cpe:2.3:o:linux:linux_kernel:6.0.6
Linux » Linux Kernel » Version: 6.0.7

cpe:2.3:o:linux:linux_kernel:6.0.7
Linux » Linux Kernel » Version: 6.0.8

cpe:2.3:o:linux:linux_kernel:6.0.8
Linux » Linux Kernel » Version: 6.0.9

cpe:2.3:o:linux:linux_kernel:6.0.9
Linux » Linux Kernel » Version: 6.1

cpe:2.3:o:linux:linux_kernel:6.1
Linux » Linux Kernel » Version: 6.1.1

cpe:2.3:o:linux:linux_kernel:6.1.1
Linux » Linux Kernel » Version: 6.1.10

cpe:2.3:o:linux:linux_kernel:6.1.10
Linux » Linux Kernel » Version: 6.1.2

cpe:2.3:o:linux:linux_kernel:6.1.2
Linux » Linux Kernel » Version: 6.1.3

cpe:2.3:o:linux:linux_kernel:6.1.3
Linux » Linux Kernel » Version: 6.1.4

cpe:2.3:o:linux:linux_kernel:6.1.4
Linux » Linux Kernel » Version: 6.1.5

cpe:2.3:o:linux:linux_kernel:6.1.5
Linux » Linux Kernel » Version: 6.1.6

cpe:2.3:o:linux:linux_kernel:6.1.6
Linux » Linux Kernel » Version: 6.1.7

cpe:2.3:o:linux:linux_kernel:6.1.7
Linux » Linux Kernel » Version: 6.1.8

cpe:2.3:o:linux:linux_kernel:6.1.8
Linux » Linux Kernel » Version: 6.1.9

cpe:2.3:o:linux:linux_kernel:6.1.9
Linux » Linux Kernel » Version: 6.2

cpe:2.3:o:linux:linux_kernel:6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-52980

Products

Pricing

Contact Us