🔴 《严重安全漏洞:CVE-2026-53043》

CVSS 评分: 严重(9.1)  状态: Received  发布时间: 2026-06-24

英文原文描述

In the Linux kernel, the following vulnerability has been resolved:

ocfs2/dlm: validate qr_numregions in dlm_match_regions()

Patch series "ocfs2/dlm: fix two bugs in dlm_match_regions()".

In dlm_match_regions(), the qr_numregions field from a DLM_QUERY_REGION
network message is used to drive loops over the qr_regions buffer without
sufficient validation. This series fixes two issues:

  • Patch 1 adds a bounds check to reject messages where qr_numregions
    exceeds O2NM_MAX_REGIONS. The o2net layer only validates message
    byte length; it does not constrain field values, so a crafted message
    can set qr_numregions up to 255 and trigger out-of-bounds reads past
    the 1024-byte qr_regions buffer.

  • Patch 2 fixes an off-by-one in the local-vs-remote comparison loop,
    which uses '<=' instead of '<', reading one entry past the valid range
    even when qr_numregions is within bounds.

This patch (of 2):

The qr_numregions field from a DLM_QUERY_REGION network message is used
directly as loop bounds in dlm_match_regions() without checking against
O2NM_MAX_REGIONS. Since qr_regions is sized for at most O2NM_MAX_REGIONS
(32) entries, a crafted message with qr_numregions > 32 causes
out-of-bounds reads past the qr_regions buffer.

Add a bounds check for qr_numregions before entering the loops.

🔍 技术细节

字段
CVE ID CVE-2026-53043
CVSS 评分 9.1 🔴
严重程度 严重
CVSS 向量 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
发布时间 2026-06-24
最后更新 2026-06-28
状态 Received
数据来源 416baaa9-dc9f-4396-8d5f-8c081fb06d67

🔗 参考链接

🤖 本文由 CVE 安全快讯机器人自动生成
英文描述已由 AI 自动翻译为中文,仅供参考,请以原文为准
数据来源: NVD (National Vulnerability Database) | 获取时间: 2026-06-28 18:15