PT-2025-38355 · Ehba-9600+4

Published: 2023-02-14 · Updated: 2026-04-20 · CVE-2023-53376

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The mpi3mr driver in the Linux kernel incorrectly calculates bitmap sizes using bytes instead of bits, leading to memory access beyond the allocated bitmap sizes and resulting in a kernel BUG, specifically a “slab-out-of-bounds” error. This issue was observed during firmware download to eHBA-9600, with the out-of-bounds access occurring in the find_first_zero_bit() function called from mpi3mr_send_event_ack() for mrioc->evtack_cmds_bitmap.

Recommendations: Replace the field dev_handle_bitmap_sz with dev_handle_bitmap_bits to maintain the number of bits for the removepend_bitmap across resize operations. Use bitmap_zalloc() instead of kzalloc() and krealloc() for memory allocation. Use bitmap_free() instead of kfree() for memory freeing. Use bitmap_clear() instead of memset() for zero clearing.
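
An added illustration, not code from the kernel or the mpi3mr driver: a userspace C model of the sizing mismatch described above. It compares a bitmap sized in bytes with the size bitmap_zalloc() allocates (whole unsigned longs) and counts how far a word-wise scan reads past the smaller one. The 4-bit width and all function names are assumptions made for the example.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)
/* Same round-up the kernel's BITS_TO_LONGS() performs. */
#define BITS_TO_LONGS(n) (((n) + BITS_PER_LONG - 1) / BITS_PER_LONG)

/* Byte-granular sizing: the calculation the advisory describes as wrong. */
size_t bytes_sized(size_t nbits) { return (nbits + CHAR_BIT - 1) / CHAR_BIT; }

/* Word-granular sizing: the amount bitmap_zalloc(nbits, ...) allocates. */
size_t longs_sized(size_t nbits) { return BITS_TO_LONGS(nbits) * sizeof(unsigned long); }

/* Userspace model of a word-wise find_first_zero_bit(): it loads whole
 * unsigned longs and reports how many bytes of the map it had to read. */
size_t first_zero_bit(const unsigned long *map, size_t nbits, size_t *bytes_read)
{
    *bytes_read = 0;
    for (size_t w = 0; w < BITS_TO_LONGS(nbits); w++) {
        *bytes_read = (w + 1) * sizeof(unsigned long);
        for (size_t b = 0; b < BITS_PER_LONG; b++) {
            size_t bit = w * BITS_PER_LONG + b;
            if (bit >= nbits) return nbits;
            if (!(map[w] & (1UL << b))) return bit;
        }
    }
    return nbits; /* no zero bit: the bitmap is full */
}

/* Bytes a full-bitmap scan reads past a byte-sized allocation (buffer here is sized safely). */
size_t overread(size_t nbits)
{
    size_t touched = 0;
    unsigned long *map = malloc(longs_sized(nbits));
    if (!map) return 0;
    memset(map, 0xff, longs_sized(nbits));
    first_zero_bit(map, nbits, &touched);
    free(map);
    return touched - bytes_sized(nbits);
}

int main(void)
{
    size_t nbits = 4; /* constructed bitmap width, not taken from the driver */
    printf("%zu bits: bytes=%zu longs=%zu overread=%zu\n", nbits, bytes_sized(nbits), longs_sized(nbits), overread(nbits));
    return 0;
}
```

Any width that is not a multiple of the word size leaves a gap between the two sizes, which is the region KASAN reports as slab-out-of-bounds when the allocation was sized in bytes.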

Exploit

Fix

Out of bounds Read

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
AZL-72325
BDU:2026-03328
CESA-2023_7077
CVE-2023-53376
RHSA-2023:6583
RHSA-2023:7077
RHSA-2023_6583
RHSA-2023_7077

Affected Products

Astra Linux
CentOS
Linux Kernel
Red Hat
Ehba-9600