
In the Linux kernel, the following vulnerability has been...

Unreviewed Published Sep 16, 2025 to the GitHub Advisory Database • Updated Sep 16, 2025

Package

No package listed

Affected versions

Unknown

Patched versions

Unknown

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()

The function mpi3mr_get_all_tgt_info() has four issues:

  1. It calculates valid entry length in alltgt_info assuming the header part
    of the struct mpi3mr_device_map_info would be equal to sizeof(u32). The
    correct size is sizeof(u64).

  2. When it calculates the valid entry length kern_entrylen, it excludes one
    entry by subtracting 1 from num_devices.

  3. It copies num_device by calling memcpy(). Substitution is enough.

  4. It does not specify the calculated length to sg_copy_from_buffer().
    Instead, it specifies the payload length which is larger than the
    alltgt_info size. It causes "BUG: KASAN: slab-out-of-bounds".

Fix the issues by using the correct header size, removing the subtraction
from num_devices, replacing the memcpy() with substitution and specifying
the correct length to sg_copy_from_buffer().
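
The length arithmetic behind issues 1, 2 and 4, as an added userspace example (not the kernel patch or driver code). The struct field names, the 8-byte entry size and the helper names are assumptions made for illustration; only the u64-sized header comes from the description above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not the driver's definitions: field names and the
 * 8-byte entry are assumptions; only the 8-byte header is from the advisory. */
struct tgt_hdr   { uint16_t num_devices; uint16_t rsvd1; uint32_t rsvd2; };
struct tgt_entry { uint16_t handle; uint16_t perst_id; uint32_t target_id; };

_Static_assert(sizeof(struct tgt_hdr) == sizeof(uint64_t), "header is u64-sized");

/* Bytes in the kernel-side buffer: header plus one entry per device. */
size_t kern_buf_len(uint16_t n)
{
    return sizeof(struct tgt_hdr) + (size_t)n * sizeof(struct tgt_entry);
}

/* Issues 1 and 2: u32-sized header and one entry dropped (model assumes n >= 1). */
size_t buggy_valid_len(uint16_t n)
{
    return sizeof(uint32_t) + (size_t)(n - 1) * sizeof(struct tgt_entry);
}

/* Issue 4: the copy length was the caller's payload length, unclamped. */
size_t buggy_copy_len(uint16_t n, size_t payload_len)
{
    (void)n;
    return payload_len;
}

/* Bounded length: header plus as many whole entries as fit in both buffers. */
size_t fixed_copy_len(uint16_t n, size_t payload_len)
{
    if (payload_len < sizeof(struct tgt_hdr))
        return 0;                       /* no room even for the header */
    size_t usr = (payload_len - sizeof(struct tgt_hdr)) / sizeof(struct tgt_entry);
    size_t ents = usr < n ? usr : n;
    return sizeof(struct tgt_hdr) + ents * sizeof(struct tgt_entry);
}

/* Nonzero when a copy of copy_len bytes would read past the source buffer. */
int reads_past_buffer(uint16_t n, size_t copy_len)
{
    return copy_len > kern_buf_len(n);
}

int main(void)
{
    uint16_t n = 4; size_t payload = 4096;   /* constructed sample values */
    printf("buf=%zu buggy=%zu fixed=%zu\n", kern_buf_len(n),
           buggy_copy_len(n, payload), fixed_copy_len(n, payload));
    return 0;
}
```

With the constructed values, the unclamped payload length exceeds the modelled buffer size, which is the condition KASAN reports as slab-out-of-bounds; the bounded length never does.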

References

Published by the National Vulnerability Database Sep 16, 2025
Published to the GitHub Advisory Database Sep 16, 2025
Last updated Sep 16, 2025

Severity

Unknown

Weaknesses

No CWEs

CVE ID

CVE-2023-53320

GHSA ID

GHSA-6j5m-wpm9-j86c

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.
