CVE-2023-7324

Vulnerability

Overview

CVE-2023-7324 is a vulnerability in the Linux kernel's SCSI Enclosure Services (SES) driver. The flaw resides in the ses_enclosure_data_process() function, where the addl_desc_ptr (additional descriptor pointer) is not properly sanitized before use. This can result in out-of-bounds reads when processing specially crafted enclosure diagnostic data [1][2].

Exploitation

An attacker with the ability to deliver a malicious SCSI enclosure diagnostic page (e.g., via a compromised or malicious SCSI enclosure device) could trigger the out-of-bounds access. No special privileges beyond-normal privileges are required beyond the ability to submit SCSI commands to the affected device. The attack surface is limited to systems that have SCSI enclosures attached and where the SES driver is loaded [3][4].

Impact

Successful exploitation could lead to information disclosure (reading kernel memory beyond the intended buffer) or a system crash (denial of service). The vulnerability does not appear to allow arbitrary code execution based on the available information [1][2].

Mitigation

The issue has been fixed in the Linux kernel with commits that add proper bounds checking for the addl_desc_ptr [1][2][3][4]. Users should apply the stable kernel branches should apply the corresponding patches. No workaround is available other than updating the kernel.