CVE-2024-23851: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability was discovered in the Linux kernel through version 6.7.1, specifically in the copy_params function within drivers/md/dm-ioctl.c. The vulnerability (CVE-2024-23851) allows the function to attempt to allocate more than INT_MAX bytes and crash due to a missing param_kernel->data_size check. This issue is related to the ctl_ioctl functionality (NVD, CVE).

The vulnerability exists in the device mapper driver's copy_params function where it can attempt to allocate more than INT_MAX bytes using kvmalloc without proper size validation. The issue stems from insufficient validation of param_kernel->data_size before memory allocation. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can cause a denial of service (system crash) through memory allocation failure. The impact is limited to local attacks and requires CAP_SYS_ADMIN (root) privileges in the initial namespace (Ubuntu).

The vulnerability has been fixed in various Linux distributions through security updates. For example, Debian has addressed this in version 5.10.216-1~deb10u1 for Debian 10 (buster), and Ubuntu has released fixes across multiple versions including 5.15.0-102.112 for Ubuntu 22.04 LTS (Debian, Ubuntu).

Linus Torvalds responded to the vulnerability report by emphasizing that the fix should be implemented in the caller with proper limit checking, suggesting either implementing reasonable safe limits or using __GPF_NOWARN with proper error handling (Spinics).