CVE-2023-52762

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-52762
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: fix implicit overflow on virtio_max_dma_size The following codes have an implicit conversion from size_t to u32: (u32)max_size = (size_t)virtio_max_dma_size(vdev); This may lead overflow, Ex (size_t)4G -> (u32)0. Once virtio_max_dma_size() has a larger size than U32_MAX, use U32_MAX instead.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/017278f141141367f7d14b203e930b45b6ffffb9 Patch
https://git.kernel.org/stable/c/472bd4787406bef2e8b41ee4c74d960a06a49a48 Patch
https://git.kernel.org/stable/c/72775cad7f572bb2501f9ea609e1d20e68f0b38b Patch
https://git.kernel.org/stable/c/d667fe301dcbcb12d1d6494fc4b8abee2cb75d90 Patch
https://git.kernel.org/stable/c/fafb51a67fb883eb2dde352539df939a251851be Patch
https://git.kernel.org/stable/c/017278f141141367f7d14b203e930b45b6ffffb9 Patch
https://git.kernel.org/stable/c/472bd4787406bef2e8b41ee4c74d960a06a49a48 Patch
https://git.kernel.org/stable/c/72775cad7f572bb2501f9ea609e1d20e68f0b38b Patch
https://git.kernel.org/stable/c/d667fe301dcbcb12d1d6494fc4b8abee2cb75d90 Patch
https://git.kernel.org/stable/c/fafb51a67fb883eb2dde352539df939a251851be Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

23 Sep 2025, 19:36

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
First Time Linux
Linux linux Kernel
References () https://git.kernel.org/stable/c/017278f141141367f7d14b203e930b45b6ffffb9 - () https://git.kernel.org/stable/c/017278f141141367f7d14b203e930b45b6ffffb9 - Patch
References () https://git.kernel.org/stable/c/472bd4787406bef2e8b41ee4c74d960a06a49a48 - () https://git.kernel.org/stable/c/472bd4787406bef2e8b41ee4c74d960a06a49a48 - Patch
References () https://git.kernel.org/stable/c/72775cad7f572bb2501f9ea609e1d20e68f0b38b - () https://git.kernel.org/stable/c/72775cad7f572bb2501f9ea609e1d20e68f0b38b - Patch
References () https://git.kernel.org/stable/c/d667fe301dcbcb12d1d6494fc4b8abee2cb75d90 - () https://git.kernel.org/stable/c/d667fe301dcbcb12d1d6494fc4b8abee2cb75d90 - Patch
References () https://git.kernel.org/stable/c/fafb51a67fb883eb2dde352539df939a251851be - () https://git.kernel.org/stable/c/fafb51a67fb883eb2dde352539df939a251851be - Patch
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CWE CWE-190

21 Nov 2024, 08:40

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: virtio-blk: corrige el desbordamiento implícito en virtio_max_dma_size. Los siguientes códigos tienen una conversión implícita de size_t a u32: (u32)max_size = (size_t)virtio_max_dma_size(vdev); Esto puede provocar un desbordamiento, Ex (size_t)4G -> (u32)0. Una vez que virtio_max_dma_size() tenga un tamaño mayor que U32_MAX, use U32_MAX en su lugar.
References () https://git.kernel.org/stable/c/017278f141141367f7d14b203e930b45b6ffffb9 - () https://git.kernel.org/stable/c/017278f141141367f7d14b203e930b45b6ffffb9 -
References () https://git.kernel.org/stable/c/472bd4787406bef2e8b41ee4c74d960a06a49a48 - () https://git.kernel.org/stable/c/472bd4787406bef2e8b41ee4c74d960a06a49a48 -
References () https://git.kernel.org/stable/c/72775cad7f572bb2501f9ea609e1d20e68f0b38b - () https://git.kernel.org/stable/c/72775cad7f572bb2501f9ea609e1d20e68f0b38b -
References () https://git.kernel.org/stable/c/d667fe301dcbcb12d1d6494fc4b8abee2cb75d90 - () https://git.kernel.org/stable/c/d667fe301dcbcb12d1d6494fc4b8abee2cb75d90 -
References () https://git.kernel.org/stable/c/fafb51a67fb883eb2dde352539df939a251851be - () https://git.kernel.org/stable/c/fafb51a67fb883eb2dde352539df939a251851be -

21 May 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-21 16:15

Updated : 2025-09-23 19:36

NVD link : CVE-2023-52762

Mitre link : CVE-2023-52762

CVE.ORG link : CVE-2023-52762

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-190

Integer Overflow or Wraparound