Bug 2267705 (CVE-2024-23307)

Summary: CVE-2024-23307 kernel: Integer Overflow in raid5_cache_count
Product: [Other] Security Response Reporter: Rohit Keshri <rkeshri>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, allarkin, aquini, bhu, chwhite, cye, cyin, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, kgrant, kyoshida, ldoskova, lgoncalv, lzampier, mleitner, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, rysulliv, scweaver, sidakwo, sukulkar, tglozar, tyberry, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2267706    
Bug Blocks: 2267707    

Description Rohit Keshri 2024-03-04 15:12:27 UTC 
Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.


Refer:
https://lore.kernel.org/linux-raid/20240112071017.16313-1-2045gemini@gmail.com/#r
https://patchwork.kernel.org/project/linux-raid/patch/20240112071017.16313-1-2045gemini@gmail.com/
https://bugzilla.openanolis.cn/show_bug.cgi?id=7975
Comment 1 Rohit Keshri 2024-03-04 15:15:17 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2267706]
Comment 4 errata-xmlrpc 2024-06-05 00:30:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3618 https://access.redhat.com/errata/RHSA-2024:3618
Comment 5 errata-xmlrpc 2024-06-05 10:04:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3627 https://access.redhat.com/errata/RHSA-2024:3627
Comment 7 errata-xmlrpc 2024-11-12 09:19:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9315 https://access.redhat.com/errata/RHSA-2024:9315
Comment 10 errata-xmlrpc 2025-02-19 00:50:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:1658 https://access.redhat.com/errata/RHSA-2025:1658