Integer overflow in raid5_cache_count in Linux kernel
CVE-2024-23307

7.8 HIGH

Key Information:

Vendor: Linux
CVE Published: 25 January 2024

Summary

CVE-2024-23307 is an integer overflow or wraparound vulnerability in the Linux kernel, in raid5_cache_count. The flaw is in the md, raid, and raid5 modules and allows a forced integer overflow on systems running the Linux kernel on both x86 and ARM architectures. Exploitation can cause undesirable behavior in affected systems, potentially compromising the integrity and reliability of their operations. System administrators and users are advised to review the security implications and apply necessary mitigations.

Affected Version(s)

Linux kernel Linux v4.1-rc1

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database

Credit

Gui-Dong Han