Kernel Vulnerability in dm_table_create Could Lead to Memory Corruption and Crash
CVE-2023-52429

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux Kernel
Vendor: CVE Published:; 12 February 2024

What is CVE-2023-52429?

dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.

References

https://www.spinics.net/lists/dm-devel/msg56625.html

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2024
Vulnerability Reserved
Feb 12, 2024