Linux Kernel Chunk Sector Overflow Vulnerability in blk_stack_limits Function

A vulnerability in the Linux kernel's blk_stack_limits function could lead to an overflow in the chunk_sectors value. This issue arises because the chunk_sectors value is calculated in bytes, potentially exceeding the limits of the unsigned integer that stores it. The vulnerability affects the Linux kernel stable tree, specifically in versions prior to the latest commit that addresses this issue. The problem has been resolved by modifying the check to ensure it is based on sectors rather than bytes, preventing the overflow.

Impact

The vulnerability could cause an overflow in the chunk_sectors value, leading to incorrect handling of disk scheduling and potentially causing misalignment issues.

Reproduction

The vulnerability can be reproduced by setting a chunk_sectors value that, when converted to bytes, exceeds the maximum value of an unsigned integer. This can be done by configuring a block device with a large chunk_sectors value and a small physical_block_size, causing the byte conversion to overflow the unsigned int storage.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed.