Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2023-52618

Disclosure Date: March 18, 2024 •

CVE-2023-52618

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

block/rnbd-srv: Check for unlikely string overflow

Since “dev_search_path” can technically be as large as PATH_MAX,
there was a risk of truncation when copying it and a second string
into “full_path” since it was also PATH_MAX sized. The W=1 builds were
reporting this warning:

drivers/block/rnbd/rnbd-srv.c: In function ‘process_msg_open.isra’:
drivers/block/rnbd/rnbd-srv.c:616:51: warning: ‘%s’ directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]
616 | snprintf(full_path, PATH_MAX, “%s/%s”,

  |                                                   ^~

In function ‘rnbd_srv_get_full_path’,

inlined from 'process_msg_open.isra' at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output between 2 and 4351 bytes into a destination of size 4096

616 | snprintf(full_path, PATH_MAX, “%s/%s”,

  |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

617 | dev_search_path, dev_name);

  |                          ~~~~~~~~~~~~~~~~~~~~~~~~~~

To fix this, unconditionally check for truncation (as was already done
for the case where “%SESSNAME%” was present).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2023-52618 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52618)

Miscellaneous

https://git.kernel.org/stable/c/95bc866c11974d3e4a9d922275ea8127ff809cf7

https://git.kernel.org/stable/c/f6abd5e17da33eba15df2bddc93413e76c2b55f7

https://git.kernel.org/stable/c/af7bbdac89739e2e7380387fda598848d3b7010f

https://git.kernel.org/stable/c/5b9ea86e662035a886ccb5c76d56793cba618827

https://git.kernel.org/stable/c/a2c6206f18104fba7f887bf4dbbfe4c41adc4339

https://git.kernel.org/stable/c/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Rapid7

Unknown

CVE-2023-52618

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2023-52618

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2023-52618

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2023-52618

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification