CVE-2023-52429: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-52429 affects the Linux kernel through version 6.7.4, specifically in the dm_table_create function within drivers/md/dm-table.c. The vulnerability was discovered when a missing check for struct dm_ioctl.target_count could allow an attempt to allocate more than INT_MAX bytes in the alloc_targets function, potentially leading to a system crash (Kernel Patch).

The vulnerability exists in the device mapper driver of the Linux kernel. The issue occurs when dm_table_create attempts to allocate memory using kvcalloc with a size that could exceed INT_MAX bytes due to insufficient validation of the target_count parameter. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can cause a denial of service condition through a system crash. The impact is limited to availability, with no direct impact on confidentiality or integrity. However, the vulnerability requires local access and CAP_SYS_ADMIN privileges (root) in the initial namespace to be exploited (Ubuntu Security).

The vulnerability has been patched in Linux kernel version 6.7.5 by implementing a limit on the number of targets to 1048576 and the size of the parameter area to 1073741824. Various Linux distributions have released updates to address this vulnerability, including Fedora 38 and 39 with kernel-6.7.5 updates (Fedora Update).