PT-2024-5636 · Linux+6 · Linux Kernel+6

Chenyuan Yang

·

Published

2024-02-11

·

Updated

2025-03-25

·

CVE-2023-52429

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 6.7.4
Description The issue is related to the dm table create function in the drivers/md/dm-table.c module of the Linux kernel. It can attempt to allocate more than INT MAX bytes and crash due to a missing check for struct dm ioctl.target count. This can allow an attacker to cause a denial of service.
Recommendations For Linux kernel versions through 6.7.4, as a temporary workaround, consider disabling the dm table create function until a patch is available. Restrict access to the vulnerable module drivers/md/dm-table.c to minimize the risk of exploitation. Avoid using the target count variable in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-754CWE-789

Related Identifiers

ALT-PU-2024-14046
ALT-PU-2024-2868
ALT-PU-2024-3144
ALT-PU-2024-3273
ALT-PU-2024-3415
ALT-PU-2024-3457
ALT-PU-2024-4623
ALT-PU-2024-6511
ALT-PU-2024-6818
AZL-34523
AZL-34864
AZL-35476
BDU:2024-06349
CVE-2023-52429
DLA-3840-1
DLA-3842-1
DSA-5658-1
DSA-5681-1
OPENSUSE-SU-2024:13696-1
OPENSUSE-SU-2024_0857-1
OPENSUSE-SU-2024_0858-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:0855-1
SUSE-SU-2024:0856-1
SUSE-SU-2024:0857-1
SUSE-SU-2024:0858-1
SUSE-SU-2024:0900-1
SUSE-SU-2024:0900-2
SUSE-SU-2024:0910-1
SUSE-SU-2024:0925-1
SUSE-SU-2024:0926-1
SUSE-SU-2024:0975-1
SUSE-SU-2024:0976-1
SUSE-SU-2024:0977-1
SUSE-SU-2024:1669-1
USN-6724-1
USN-6724-2
USN-6725-1
USN-6725-2
USN-6726-1
USN-6726-2
USN-6726-3
USN-6739-1
USN-6740-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu