U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2023-52685

Change History

CVE Translated by kernel.org 6/18/2024 10:15:10 AM

Action Type Old Value New Value
Removed Translation
Title: kernel de Linux
Description: En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pstore: ram_core: corrige posible desbordamiento en persistent_ram_init_ecc() En persistent_ram_init_ecc(), en arcos de 64 bits DIV_ROUND_UP() devolverá un valor de 64 bits ya que persistent_ram_zone::buffer_size tiene el tipo size_t que se deriva del *unsigned long* de 64 bits, mientras que la variable ecc_blocks a la que se asigna este valor tiene (siempre 32 bits) el tipo *int*. Incluso si ese valor encaja en el tipo *int*, aún es posible un desbordamiento al calcular la variable ecc_total escrita size_t más abajo, ya que no hay conversión a ningún tipo de 64 bits antes de la multiplicación. Declarar la variable ecc_blocks como *size_t* debería solucionar este problema... Encontrado por el Centro de verificación de Linux (linuxtesting.org) con la herramienta de análisis estático SVACE.

								
						

CVE Modified by kernel.org 6/18/2024 10:15:10 AM

Action Type Old Value New Value
Changed Description
In the Linux kernel, the following vulnerability has been resolved:

pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()

In persistent_ram_init_ecc(), on 64-bit arches DIV_ROUND_UP() will return
64-bit value since persistent_ram_zone::buffer_size has type size_t which
is derived from the 64-bit *unsigned long*, while the ecc_blocks variable
this value gets assigned to has (always 32-bit) *int* type.  Even if that
value fits into *int* type, an overflow is still possible when calculating
the size_t typed ecc_total variable further below since there's no cast to
any 64-bit type before multiplication.  Declaring the ecc_blocks variable
as *size_t* should fix this mess...

Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Removed Reference
kernel.org https://git.kernel.org/stable/c/3b333cded94fbe5ce30d699b316c4715151268ae

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/48dcfc42ce705b652c0619cb99846afc43029de9

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/86222a8fc16ec517de8da2604d904c9df3a08e5d

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/8fb12524c86bdd542a54857d5d076b1b6778c78c

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/a34946ec3de88a16cc3a87fdab50aad06255a22b

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/acd413da3e1f37582207cd6078a41d57c9011918

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/d1fe1aede684bd014714dacfdc75586a9ad38657

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/f9b891a7e8fcf83901f8507241e23e7420103b61

								
						

CVE Rejected by kernel.org 6/18/2024 10:15:10 AM

Action Type Old Value New Value