CVE-2023-53376

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/09/2025
Last modified:
19/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Use number of bits to manage bitmap sizes

To allocate bitmaps, the mpi3mr driver calculates sizes of bitmaps using byte as unit. However, bitmap helper functions assume that bitmaps are allocated using unsigned long as unit. This gap causes memory access beyond the bitmap sizes and results in "BUG: KASAN: slab-out-of-bounds". The BUG was observed at firmware download to eHBA-9600. Call trace indicated that the out-of-bounds access happened in find_first_zero_bit() called from mpi3mr_send_event_ack() for miroc->evtack_cmds_bitmap.

To fix the BUG, do not use bytes to manage bitmap sizes. Instead, use number of bits, and call bitmap helper functions which take number of bits as arguments. For memory allocation, call bitmap_zalloc() instead of kzalloc() and krealloc(). For memory free, call bitmap_free() instead of kfree(). For zero clear, call bitmap_clear() instead of memset().

Remove three fields for bitmap byte sizes in struct scmd_priv which are no longer required. Replace the field dev_handle_bitmap_sz with dev_handle_bitmap_bits to keep number of bits of removepend_bitmap across resize.
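The size mismatch described above, as an added user-space illustration (not the driver's code or the upstream patch): it compares a byte-rounded allocation with the unsigned-long-rounded size a word-wise bitmap scan reads. The function names are hypothetical and the bit counts are constructed sample values.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)

/* Pre-fix pattern: bitmap size rounded up to whole bytes. */
static size_t byte_sized_alloc(size_t nbits)
{
    return (nbits + CHAR_BIT - 1) / CHAR_BIT;
}

/* What the helpers assume: whole unsigned longs, as bitmap_zalloc() gives. */
static size_t long_sized_alloc(size_t nbits)
{
    return (nbits + BITS_PER_LONG - 1) / BITS_PER_LONG * sizeof(unsigned long);
}

/* Word-wise scan in the style of find_first_zero_bit(); nbits means "full". */
static size_t first_zero_bit(const unsigned long *map, size_t nbits)
{
    for (size_t bit = 0; bit < nbits; bit++) {
        unsigned long word = map[bit / BITS_PER_LONG]; /* loads a full long */
        if (!(word & (1UL << (bit % BITS_PER_LONG))))
            return bit;
    }
    return nbits;
}

/* Correctly sized bitmap with the first `used` bits set, then scanned. */
static size_t demo_scan(size_t nbits, size_t used)
{
    unsigned long *map = calloc(1, long_sized_alloc(nbits));
    if (!map)
        return (size_t)-1;
    for (size_t i = 0; i < used; i++)
        map[i / BITS_PER_LONG] |= 1UL << (i % BITS_PER_LONG);
    size_t r = first_zero_bit(map, nbits);
    free(map);
    return r;
}

int main(void)
{
    size_t nbits = 4; /* constructed sample value */
    printf("%zu bits: %zu byte(s) allocated, %zu read by the scan\n",
           nbits, byte_sized_alloc(nbits), long_sized_alloc(nbits));
    return demo_scan(nbits, 2) == 2 ? 0 : 1;
}
```

The difference between the two sizes is the region a word-wise helper reads past a byte-sized allocation, which is what KASAN flags as slab-out-of-bounds.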

Impact