CVE-2023-52458: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-52458 is a vulnerability in the Linux kernel's block subsystem that was discovered and disclosed in February 2024. The vulnerability affects multiple versions of the Linux kernel up to versions 5.10.215, 5.15.148, 6.1.75, 6.6.14, and 6.7.2. This issue occurs in the partition management functionality where there was no proper alignment check for partition lengths with block sizes (NVD).

The vulnerability stems from a missing validation check in the block subsystem. Before calling add partition or resize partition operations, the code did not verify whether the partition length was aligned with the logical block size. When the logical block size of the disk is larger than 512 bytes, the partition size might not be a multiple of the logical block size. This can lead to bio_truncate() adjusting the bio size, resulting in an IO error if the read command size becomes smaller than the logical block size. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can result in two types of issues: an IO error when reading the last sector if the read command size becomes smaller than the logical block size, and a null pointer dereference when calling bio_integrity_free if integrity data is supported. This can lead to system instability and potential denial of service conditions (Kernel Patch).

The vulnerability has been fixed in multiple Linux kernel versions through a patch that adds proper alignment checks for partition lengths. The fix includes additional validation to ensure that partition lengths are aligned with the logical block size before performing partition operations. Various Linux distributions have released updates incorporating this fix, including Ubuntu and Debian (Debian Security).