CVE-2023-52857 Affecting dlm-kmp-default package, versions <6.4.0-150600.23.14.2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-SLES156-DLMKMPDEFAULT-7550549
- published 23 Jul 2024
- disclosed 22 Jul 2024
Introduced: 22 Jul 2024
CVE-2023-52857 Open this link in a new tabHow to fix?
Upgrade SLES:15.6
dlm-kmp-default
to version 6.4.0-150600.23.14.2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream dlm-kmp-default
package and not the dlm-kmp-default
package as distributed by SLES
.
See How to fix?
for SLES:15.6
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Fix coverity issue with unintentional integer overflow
Instead of multiplying 2 variable of different types. Change to assign a value of one variable and then multiply the other variable.
Add a int variable for multiplier calculation instead of calculating different types multiplier with dma_addr_t variable directly.
References
- https://www.suse.com/security/cve/CVE-2023-52857.html
- https://bugzilla.suse.com/1225581
- https://git.kernel.org/stable/c/0d8a1df39d3fc34560e2cc663b5c340d06a25396
- https://git.kernel.org/stable/c/96312a251d4dcee5d36e32edba3002bfde0ddd9c
- https://git.kernel.org/stable/c/b0b0d811eac6b4c52cb9ad632fa6384cf48869e7