{"id":"CVE-2023-52618","summary":"block/rnbd-srv: Check for unlikely string overflow","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nblock/rnbd-srv: Check for unlikely string overflow\n\nSince \"dev_search_path\" can technically be as large as PATH_MAX,\nthere was a risk of truncation when copying it and a second string\ninto \"full_path\" since it was also PATH_MAX sized. The W=1 builds were\nreporting this warning:\n\ndrivers/block/rnbd/rnbd-srv.c: In function 'process_msg_open.isra':\ndrivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]\n  616 |                 snprintf(full_path, PATH_MAX, \"%s/%s\",\n      |                                                   ^~\nIn function 'rnbd_srv_get_full_path',\n    inlined from 'process_msg_open.isra' at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output between 2 and 4351 bytes into a destination of size 4096\n  616 |                 snprintf(full_path, PATH_MAX, \"%s/%s\",\n      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n  617 |                          dev_search_path, dev_name);\n      |                          ~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nTo fix this, unconditionally check for truncation (as was already done\nfor the case where \"%SESSNAME%\" was present).","modified":"2026-04-02T09:43:06.706197Z","published":"2024-03-18T10:19:05.275Z","related":["SUSE-SU-2024:2008-1","SUSE-SU-2024:2019-1","SUSE-SU-2024:2135-1","SUSE-SU-2024:2190-1","SUSE-SU-2024:2203-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1","USN-6818-2","USN-6819-2"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52618.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/5b9ea86e662035a886ccb5c76d56793cba618827"},{"type":"WEB","url":"https://git.kernel.org/stable/c/95bc866c11974d3e4a9d922275ea8127ff809cf7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a2c6206f18104fba7f887bf4dbbfe4c41adc4339"},{"type":"WEB","url":"https://git.kernel.org/stable/c/af7bbdac89739e2e7380387fda598848d3b7010f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f6abd5e17da33eba15df2bddc93413e76c2b55f7"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52618.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52618"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2de6c8de192b9341ffa5e84afe1ce6196d4eef41"},{"fixed":"95bc866c11974d3e4a9d922275ea8127ff809cf7"},{"fixed":"f6abd5e17da33eba15df2bddc93413e76c2b55f7"},{"fixed":"af7bbdac89739e2e7380387fda598848d3b7010f"},{"fixed":"5b9ea86e662035a886ccb5c76d56793cba618827"},{"fixed":"a2c6206f18104fba7f887bf4dbbfe4c41adc4339"},{"fixed":"9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52618.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}