PT-2025-18872 · Linux · Linux Kernel

Published: 2023-11-07 · Updated: 2026-02-02 · CVE-2023-53108

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.3.0-20230221.rc0.git4.99b8246b2d71.300.fc37.s390x+debug

Description

A vulnerability in the net/iucv module of the Linux kernel has been resolved. The issue concerns the size of the interrupt data: iucv_irq_data needs to be 4 bytes larger to accommodate data written by the z/VM hypervisor when a CPU is deconfigured. The vulnerability can cause a kmalloc Redzone overwrite, reported as BUG dma-kmalloc-64. The estimated number of potentially affected devices worldwide is not available.

Recommendations

For Linux kernel versions prior to 6.3.0-20230221.rc0.git4.99b8246b2d71.300.fc37.s390x+debug, update to a version that includes the fix for the net/iucv module, ensuring that iucv_irq_data is 4 bytes larger. As a temporary workaround, consider disabling the iucv_cpu_prepare() function until a patch is available. Restrict access to the vulnerable iucv_irq_data to minimize the risk of exploitation.


Related Identifiers

ALSA-2025_16880
CESA-2023_7077
CVE-2023-53108
RHSA-2023:6583
RHSA-2023:7077
RHSA-2023_6583
RHSA-2023_7077
SUSE-SU-2025:01918-1
SUSE-SU-2025:01966-1
SUSE-SU-2025:01983-1
SUSE-SU-2025:02173-1
SUSE-SU-2025:02262-1
SUSE-SU-2025:2173-1
SUSE-SU-2025_01983-1
SUSE-SU-2025_02173-1
SUSE-SU-2025_02262-1

Affected Products

Astra Linux
CentOS
Linux Kernel
Red Hat
RED OS
SUSE