CVE-2023-53778

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the accel/qaic component related to integer overflow checking within the map user pages() function. The encode dma() function previously had validation on in trans->size, but improvements were made by moving these checks to find and map user pages(). A new variable, remaining, was introduced to represent the amount of data to transfer, calculated by subtracting the already transferred bytes (resources->xferred dma size) from the total transfer size (in trans->size). Checks were added to ensure that in trans->size is not less than resources->xferred dma size and to prevent potential overflows when calculating addresses. The code also addresses potential size truncation issues on 32-bit systems when using kmalloc(). The encode dma() function and map user pages() are involved in the issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.