CVE-2023-53376
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-18

Last updated on: 2025-12-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Use number of bits to manage bitmap sizes To allocate bitmaps, the mpi3mr driver calculates sizes of bitmaps using byte as unit. However, bitmap helper functions assume that bitmaps are allocated using unsigned long as unit. This gap causes memory access beyond the bitmap sizes and results in "BUG: KASAN: slab-out-of-bounds". The BUG was observed at firmware download to eHBA-9600. Call trace indicated that the out-of-bounds access happened in find_first_zero_bit() called from mpi3mr_send_event_ack() for miroc->evtack_cmds_bitmap. To fix the BUG, do not use bytes to manage bitmap sizes. Instead, use number of bits, and call bitmap helper functions which take number of bits as arguments. For memory allocation, call bitmap_zalloc() instead of kzalloc() and krealloc(). For memory free, call bitmap_free() instead of kfree(). For zero clear, call bitmap_clear() instead of memset(). Remove three fields for bitmap byte sizes in struct scmd_priv which are no longer required. Replace the field dev_handle_bitmap_sz with dev_handle_bitmap_bits to keep number of bits of removepend_bitmap across resize.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-18
Last Modified
2025-12-12
Generated
2026-05-27
AI Q&A
2025-09-18
EPSS Evaluated
2026-05-25
NVD
CVE-2023-53376
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.14 (inc) to 6.1.18 (exc)
linux linux_kernel From 6.2 (inc) to 6.2.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's mpi3mr driver, where bitmap sizes were managed incorrectly using bytes instead of bits. The driver allocated bitmaps based on byte units, but the bitmap helper functions expected bit units, causing memory access beyond allocated bitmap sizes. This led to a kernel bug detected by KASAN as a slab-out-of-bounds error, occurring during firmware download to eHBA-9600. The issue was fixed by changing the bitmap management to use the number of bits, using appropriate bitmap allocation and free functions, and removing obsolete fields related to bitmap byte sizes.


How can this vulnerability impact me? :

This vulnerability can cause out-of-bounds memory access in the Linux kernel, leading to kernel crashes or instability during operations involving the mpi3mr driver, such as firmware downloads to eHBA-9600 devices. This can result in system reliability issues and potential denial of service.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version where the mpi3mr driver uses the corrected bitmap management approach. Specifically, ensure that the driver uses number of bits to manage bitmap sizes instead of bytes, and uses bitmap_zalloc(), bitmap_free(), and bitmap_clear() functions as described in the fix. Avoid using vulnerable kernel versions that allocate bitmaps incorrectly in the mpi3mr driver.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart