CVE-2023-52618 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow Since "dev_search_path" can technically be as large as PATH_MAX, there was a risk of truncation when copying it and a second string into "full_path" since it was also PATH_MAX sized. The W=1 builds were reporting this warning: drivers/block/rnbd/rnbd-srv.c: In function 'process_msg_open.isra': drivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=] 616 | snprintf(full_path, PATH_MAX, "%s/%s", | ^~ In function 'rnbd_srv_get_full_path', inlined from 'process_msg_open.isra' at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output between 2 and 4351 bytes into a destination of size 4096 616 | snprintf(full_path, PATH_MAX, "%s/%s", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 617 | dev_search_path, dev_name); | ~~~~~~~~~~~~~~~~~~~~~~~~~~ To fix this, unconditionally check for truncation (as was already done for the case where "%SESSNAME%" was present).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://git.kernel.org/stable/c/5b9ea86e662035a886ccb5c76d56793cba618827
https://git.kernel.org/stable/c/95bc866c11974d3e4a9d922275ea8127ff809cf7
https://git.kernel.org/stable/c/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41
https://git.kernel.org/stable/c/a2c6206f18104fba7f887bf4dbbfe4c41adc4339
https://git.kernel.org/stable/c/af7bbdac89739e2e7380387fda598848d3b7010f
https://git.kernel.org/stable/c/f6abd5e17da33eba15df2bddc93413e76c2b55f7
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lore.kernel.org/linux-cve-announce/20240318102117.2839904-8-lee@kernel.org/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52618
https://www.cve.org/CVERecord?id=CVE-2023-52618

History

Fri, 04 Apr 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux Linux Linux linux Kernel
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Debian Debian debian Linux Linux Linux linux Kernel

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Wed, 06 Nov 2024 22:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N'}`	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

Mon, 04 Nov 2024 13:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Mon, 04 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-18T10:19:05.275Z

Updated: 2025-01-17T15:56:03.877Z

Reserved: 2024-03-06T09:52:12.089Z

Link: CVE-2023-52618

Vulnrichment

Updated: 2024-08-02T23:03:21.288Z

NVD

Status : Analyzed

Published: 2024-03-18T11:15:09.110

Modified: 2025-04-04T14:51:32.453

Link: CVE-2023-52618

Redhat

Severity : Low

Publid Date: 2024-03-18T00:00:00Z

Links: CVE-2023-52618 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52618", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-06T09:52:12.089Z", "datePublished": "2024-03-18T10:19:05.275Z", "dateUpdated": "2025-01-17T15:56:03.877Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-01-17T15:56:03.877Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock/rnbd-srv: Check for unlikely string overflow\n\nSince \"dev_search_path\" can technically be as large as PATH_MAX,\nthere was a risk of truncation when copying it and a second string\ninto \"full_path\" since it was also PATH_MAX sized. The W=1 builds were\nreporting this warning:\n\ndrivers/block/rnbd/rnbd-srv.c: In function 'process_msg_open.isra':\ndrivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]\n 616 | snprintf(full_path, PATH_MAX, \"%s/%s\",\n | ^~\nIn function 'rnbd_srv_get_full_path',\n inlined from 'process_msg_open.isra' at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output between 2 and 4351 bytes into a destination of size 4096\n 616 | snprintf(full_path, PATH_MAX, \"%s/%s\",\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n 617 | dev_search_path, dev_name);\n | ~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nTo fix this, unconditionally check for truncation (as was already done\nfor the case where \"%SESSNAME%\" was present)."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/block/rnbd/rnbd-srv.c"], "versions": [{"version": "219ace60770117fbe440904f9156ab2ab8f30e7d", "lessThan": "95bc866c11974d3e4a9d922275ea8127ff809cf7", "status": "affected", "versionType": "git"}, {"version": "219ace60770117fbe440904f9156ab2ab8f30e7d", "lessThan": "f6abd5e17da33eba15df2bddc93413e76c2b55f7", "status": "affected", "versionType": "git"}, {"version": "219ace60770117fbe440904f9156ab2ab8f30e7d", "lessThan": "af7bbdac89739e2e7380387fda598848d3b7010f", "status": "affected", "versionType": "git"}, {"version": "219ace60770117fbe440904f9156ab2ab8f30e7d", "lessThan": "5b9ea86e662035a886ccb5c76d56793cba618827", "status": "affected", "versionType": "git"}, {"version": "219ace60770117fbe440904f9156ab2ab8f30e7d", "lessThan": "a2c6206f18104fba7f887bf4dbbfe4c41adc4339", "status": "affected", "versionType": "git"}, {"version": "219ace60770117fbe440904f9156ab2ab8f30e7d", "lessThan": "9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/block/rnbd/rnbd-srv.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.210", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.149", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.77", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.16", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.4", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/95bc866c11974d3e4a9d922275ea8127ff809cf7"}, {"url": "https://git.kernel.org/stable/c/f6abd5e17da33eba15df2bddc93413e76c2b55f7"}, {"url": "https://git.kernel.org/stable/c/af7bbdac89739e2e7380387fda598848d3b7010f"}, {"url": "https://git.kernel.org/stable/c/5b9ea86e662035a886ccb5c76d56793cba618827"}, {"url": "https://git.kernel.org/stable/c/a2c6206f18104fba7f887bf4dbbfe4c41adc4339"}, {"url": "https://git.kernel.org/stable/c/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41"}], "title": "block/rnbd-srv: Check for unlikely string overflow", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-19T15:51:11.544669Z", "id": "CVE-2023-52618", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T21:20:41.702Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.288Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/95bc866c11974d3e4a9d922275ea8127ff809cf7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f6abd5e17da33eba15df2bddc93413e76c2b55f7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/af7bbdac89739e2e7380387fda598848d3b7010f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5b9ea86e662035a886ccb5c76d56793cba618827", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a2c6206f18104fba7f887bf4dbbfe4c41adc4339", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/95bc866c11974d3e4a9d922275ea8127ff809cf7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f6abd5e17da33eba15df2bddc93413e76c2b55f7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/af7bbdac89739e2e7380387fda598848d3b7010f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5b9ea86e662035a886ccb5c76d56793cba618827", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a2c6206f18104fba7f887bf4dbbfe4c41adc4339", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.288Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52618", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-19T15:51:11.544669Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:18.831Z"}}], "cna": {"title": "block/rnbd-srv: Check for unlikely string overflow", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "219ace60770117fbe440904f9156ab2ab8f30e7d", "lessThan": "95bc866c11974d3e4a9d922275ea8127ff809cf7", "versionType": "git"}, {"status": "affected", "version": "219ace60770117fbe440904f9156ab2ab8f30e7d", "lessThan": "f6abd5e17da33eba15df2bddc93413e76c2b55f7", "versionType": "git"}, {"status": "affected", "version": "219ace60770117fbe440904f9156ab2ab8f30e7d", "lessThan": "af7bbdac89739e2e7380387fda598848d3b7010f", "versionType": "git"}, {"status": "affected", "version": "219ace60770117fbe440904f9156ab2ab8f30e7d", "lessThan": "5b9ea86e662035a886ccb5c76d56793cba618827", "versionType": "git"}, {"status": "affected", "version": "219ace60770117fbe440904f9156ab2ab8f30e7d", "lessThan": "a2c6206f18104fba7f887bf4dbbfe4c41adc4339", "versionType": "git"}, {"status": "affected", "version": "219ace60770117fbe440904f9156ab2ab8f30e7d", "lessThan": "9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41", "versionType": "git"}], "programFiles": ["drivers/block/rnbd/rnbd-srv.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.8"}, {"status": "unaffected", "version": "0", "lessThan": "5.8", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.210", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.149", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.77", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.16", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.4", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/block/rnbd/rnbd-srv.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/95bc866c11974d3e4a9d922275ea8127ff809cf7"}, {"url": "https://git.kernel.org/stable/c/f6abd5e17da33eba15df2bddc93413e76c2b55f7"}, {"url": "https://git.kernel.org/stable/c/af7bbdac89739e2e7380387fda598848d3b7010f"}, {"url": "https://git.kernel.org/stable/c/5b9ea86e662035a886ccb5c76d56793cba618827"}, {"url": "https://git.kernel.org/stable/c/a2c6206f18104fba7f887bf4dbbfe4c41adc4339"}, {"url": "https://git.kernel.org/stable/c/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock/rnbd-srv: Check for unlikely string overflow\n\nSince \"dev_search_path\" can technically be as large as PATH_MAX,\nthere was a risk of truncation when copying it and a second string\ninto \"full_path\" since it was also PATH_MAX sized. The W=1 builds were\nreporting this warning:\n\ndrivers/block/rnbd/rnbd-srv.c: In function 'process_msg_open.isra':\ndrivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]\n 616 | snprintf(full_path, PATH_MAX, \"%s/%s\",\n | ^~\nIn function 'rnbd_srv_get_full_path',\n inlined from 'process_msg_open.isra' at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output between 2 and 4351 bytes into a destination of size 4096\n 616 | snprintf(full_path, PATH_MAX, \"%s/%s\",\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n 617 | dev_search_path, dev_name);\n | ~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nTo fix this, unconditionally check for truncation (as was already done\nfor the case where \"%SESSNAME%\" was present)."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-01-17T15:56:03.877Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52618", "state": "PUBLISHED", "dateUpdated": "2025-01-17T15:56:03.877Z", "dateReserved": "2024-03-06T09:52:12.089Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-18T10:19:05.275Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9487D7F4-8434-4668-8C1F-256A25094E23", "versionEndExcluding": "5.10.210", "versionStartIncluding": "5.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD", "versionEndExcluding": "5.15.149", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FA28946-970D-4F4D-B759-4E77B28809B5", "versionEndExcluding": "6.1.77", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5007D6A-4B58-423A-8A3A-A1A656A263C8", "versionEndExcluding": "6.6.16", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "848BC44C-9D25-4557-A50A-4B8BF310FA78", "versionEndExcluding": "6.7.4", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock/rnbd-srv: Check for unlikely string overflow\n\nSince \"dev_search_path\" can technically be as large as PATH_MAX,\nthere was a risk of truncation when copying it and a second string\ninto \"full_path\" since it was also PATH_MAX sized. The W=1 builds were\nreporting this warning:\n\ndrivers/block/rnbd/rnbd-srv.c: In function 'process_msg_open.isra':\ndrivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]\n 616 | snprintf(full_path, PATH_MAX, \"%s/%s\",\n | ^~\nIn function 'rnbd_srv_get_full_path',\n inlined from 'process_msg_open.isra' at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output between 2 and 4351 bytes into a destination of size 4096\n 616 | snprintf(full_path, PATH_MAX, \"%s/%s\",\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n 617 | dev_search_path, dev_name);\n | ~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nTo fix this, unconditionally check for truncation (as was already done\nfor the case where \"%SESSNAME%\" was present)."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: block/rnbd-srv: Comprueba si hay un desbordamiento de cadena improbable. Dado que \"dev_search_path\" t\u00e9cnicamente puede ser tan grande como PATH_MAX, exist\u00eda el riesgo de truncamiento al copiarlo y una segunda cadena en \" full_path\" ya que tambi\u00e9n ten\u00eda un tama\u00f1o PATH_MAX. Las compilaciones W=1 informaban esta advertencia: drivers/block/rnbd/rnbd-srv.c: En funci\u00f3n 'process_msg_open.isra': drivers/block/rnbd/rnbd-srv.c:616:51: advertencia: '% La salida de la directiva s se puede truncar escribiendo hasta 254 bytes en una regi\u00f3n de tama\u00f1o entre 0 y 4095 [-Wformat-truncation=] 616 | snprintf(full_path, PATH_MAX, \"%s/%s\", | ^~ En la funci\u00f3n 'rnbd_srv_get_full_path', insertada desde 'process_msg_open.isra' en drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block /rnbd/rnbd-srv.c:616:17: nota: 'snprintf' genera entre 2 y 4351 bytes en un destino de tama\u00f1o 4096 616 | snprintf(full_path, PATH_MAX, \"%s/%s\", | ^~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 617 | dev_search_path, dev_name); | ~~~~~~~ ~~~~~~~~~~~~~~~~~~~ Para solucionar este problema, verifique incondicionalmente el truncamiento (como ya se hizo en el caso en el que \"%SESSNAME%\" estaba presente)."}], "id": "CVE-2023-52618", "lastModified": "2025-04-04T14:51:32.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-18T11:15:09.110", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5b9ea86e662035a886ccb5c76d56793cba618827"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/95bc866c11974d3e4a9d922275ea8127ff809cf7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a2c6206f18104fba7f887bf4dbbfe4c41adc4339"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/af7bbdac89739e2e7380387fda598848d3b7010f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f6abd5e17da33eba15df2bddc93413e76c2b55f7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5b9ea86e662035a886ccb5c76d56793cba618827"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/95bc866c11974d3e4a9d922275ea8127ff809cf7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a2c6206f18104fba7f887bf4dbbfe4c41adc4339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/af7bbdac89739e2e7380387fda598848d3b7010f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f6abd5e17da33eba15df2bddc93413e76c2b55f7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: block/rnbd-srv: Check for unlikely string overflow", "id": "2270086", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270086"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-121", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nblock/rnbd-srv: Check for unlikely string overflow\nSince \"dev_search_path\" can technically be as large as PATH_MAX,\nthere was a risk of truncation when copying it and a second string\ninto \"full_path\" since it was also PATH_MAX sized. The W=1 builds were\nreporting this warning:\ndrivers/block/rnbd/rnbd-srv.c: In function 'process_msg_open.isra':\ndrivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]\n616 | snprintf(full_path, PATH_MAX, \"%s/%s\",\n| ^~\nIn function 'rnbd_srv_get_full_path',\ninlined from 'process_msg_open.isra' at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output between 2 and 4351 bytes into a destination of size 4096\n616 | snprintf(full_path, PATH_MAX, \"%s/%s\",\n| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n617 | dev_search_path, dev_name);\n| ~~~~~~~~~~~~~~~~~~~~~~~~~~\nTo fix this, unconditionally check for truncation (as was already done\nfor the case where \"%SESSNAME%\" was present)."], "name": "CVE-2023-52618", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52618\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52618\nhttps://lore.kernel.org/linux-cve-announce/20240318102117.2839904-8-lee@kernel.org/T"], "threat_severity": "Low"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object