Description

In the Linux kernel, the following vulnerability has been resolved: block: ublk: extending queue_size to fix overflow When validating drafted SPDK ublk target, in a case that assigning large queue depth to multiqueue ublk device, ublk target would run into a weird incorrect state. During rounds of review and debug, An overflow bug was found in ublk driver. In ublk_cmd.h, UBLK_MAX_QUEUE_DEPTH is 4096 which means each ublk queue depth can be set as large as 4096. But when setting qd for a ublk device, sizeof(struct ublk_queue) + depth * sizeof(struct ublk_io) will be larger than 65535 if qd is larger than 2728. Then queue_size is overflowed, and ublk_get_queue() references a wrong pointer position. The wrong content of ublk_queue elements will lead to out-of-bounds memory access. Extend queue_size in ublk_device as "unsigned int".

INFO

Published Date :

2025-03-27T16:43:19.493Z

Last Modified :

2025-05-04T07:46:45.012Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-52980 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-52980.

URL Resource
https://git.kernel.org/stable/c/29baef789c838bd5c02f50c88adbbc6b955aaf61 cve-icon cve-icon
https://git.kernel.org/stable/c/ee1e3fe4b4579f856997190a00ea4db0307b4332 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025032705-CVE-2023-52980-0fea@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-52980 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-52980 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact