CVE-2023-53357

If we write a large number to md/bitmapsetbits, mdbitmapcheckpage() will return -EINVAL because 'page >= bitmap->pages', but the return value was not checked immediately in mdbitmapget_counter() in order to set *blocks value and slab-out-of-bounds occurs.

Move check of 'page >= bitmap->pages' to mdbitmapget_counter() and return directly if true.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53357.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ef4256733506f2459a0c436b62267d22a3f0cec6

Fixed

374fb914304d9b500721007f3837ea8f1f9a2418

Fixed

b0b971fe7d61411ede63c3291764dbde1577ef2c

Fixed

39fa14e824acfd470db4f42c354297456bd82b53

Fixed

a134dd582c0d5b6068efa308bd485cf1d00b3f65

Fixed

be1a3ec63a840cc9e59a033acf154f56255699a1

Fixed

152bb26796ff054af50b2ee1b3ca56e364e4f61b

Fixed

bea301c046110bf421a3ce153fb868cb8d618e90

Fixed

301867b1c16805aebbc306aafa6ecdc68b73c7e5

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.6.36

Fixed

4.19.291

Type: ECOSYSTEM
Events: Introduced

4.20.0

Fixed

5.4.251

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.188

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.121

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.39

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.3.13

Type: ECOSYSTEM
Events: Introduced

6.4.0

Fixed

6.4.4