CVE-2023-53820

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the loop device implementation. Specifically, a check is missing in the loop set status from info() function before reassigning values to lo->lo offset and lo->lo sizelimit. This can lead to incorrect values being assigned if an overflow error occurs, and these incorrect values are subsequently used in operations like calculating the position (pos) within the do req filebacked function via loff t pos = ((loff t) blk rq pos(rq) << 9) + lo->lo offset; and in the lo rw aio function through cmd->iocb.ki pos = pos. The initial patch did not fully address the issue, as the incorrect value was still utilized by the loop driver despite an error return from the ioctl call.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.