In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC Limit the free list length to the size of the IO TLB. Transient pool can be smaller than IO_TLB_SEGSIZE, but the free list is initialized with the assumption that the total number of slots is a multiple of IO_TLB_SEGSIZE. As a result, swiotlb_area_find_slots() may allocate slots past the end of a transient IO TLB buffer.
History

Mon, 04 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T15:31:06.319Z

Updated: 2024-12-19T08:26:01.428Z

Reserved: 2024-05-21T15:19:24.241Z

Link: CVE-2023-52790

cve-icon Vulnrichment

Updated: 2024-08-02T23:11:36.050Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-21T16:15:17.707

Modified: 2024-11-21T08:40:35.640

Link: CVE-2023-52790

cve-icon Redhat

Severity : Low

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2023-52790 - Bugzilla