CVE-2023-52762

virtio-blk: fix implicit overflow on virtio_max_dma_size

Description

In the Linux kernel, the following vulnerability has been resolved: virtio-blk: fix implicit overflow on virtio_max_dma_size The following codes have an implicit conversion from size_t to u32: (u32)max_size = (size_t)virtio_max_dma_size(vdev); This may lead overflow, Ex (size_t)4G -> (u32)0. Once virtio_max_dma_size() has a larger size than U32_MAX, use U32_MAX instead.

N/A

CVSS

Severity:

EPSS 0.14%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/72775cad7f572bb2501f9ea609e1d20e68f0b38b
https://git.kernel.org/stable/c/472bd4787406bef2e8b41ee4c74d960a06a49a48
https://git.kernel.org/stable/c/017278f141141367f7d14b203e930b45b6ffffb9
https://git.kernel.org/stable/c/d667fe301dcbcb12d1d6494fc4b8abee2cb75d90
https://git.kernel.org/stable/c/fafb51a67fb883eb2dde352539df939a251851be

Frequently Asked Questions

What is the severity of CVE-2023-52762?: CVE-2023-52762 has not yet been assigned a CVSS score.
How to fix CVE-2023-52762?: To fix CVE-2023-52762, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52762 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-52762 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52762?: CVE-2023-52762 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.