CVE-2023-52436

Summary

In the Linux kernel, the following vulnerability has been resolved:

f2fs: explicitly null-terminate the xattr list

When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux98e4da8ca301e062d79ae168c67e56f3c3de3ce4 < 16ae3132ff7746894894927c1892493693b89135affected
LinuxLinux98e4da8ca301e062d79ae168c67e56f3c3de3ce4 < 12cf91e23b126718a96b914f949f2cdfeadc7b2aaffected
LinuxLinux98e4da8ca301e062d79ae168c67e56f3c3de3ce4 < 3e47740091b05ac8d7836a33afd8646b6863ca52affected
LinuxLinux98e4da8ca301e062d79ae168c67e56f3c3de3ce4 < 32a6cfc67675ee96fe107aeed5af9776fec63f11affected
LinuxLinux98e4da8ca301e062d79ae168c67e56f3c3de3ce4 < 5de9e9dd1828db9b8b962f7ca42548bd596deb8aaffected
LinuxLinux98e4da8ca301e062d79ae168c67e56f3c3de3ce4 < 2525d1ba225b5c167162fa344013c408e8b4de36affected
LinuxLinux98e4da8ca301e062d79ae168c67e56f3c3de3ce4 < f6c30bfe5a49bc38cae985083a11016800708feaaffected
LinuxLinux98e4da8ca301e062d79ae168c67e56f3c3de3ce4 < e26b6d39270f5eab0087453d9b544189a38c8564affected
LinuxLinux3.8affected
LinuxLinux0 < 3.8unaffected
LinuxLinux4.19.306 <= 4.19.*unaffected
LinuxLinux5.4.268 <= 5.4.*unaffected
LinuxLinux5.10.209 <= 5.10.*unaffected
LinuxLinux5.15.148 <= 5.15.*unaffected
LinuxLinux6.1.74 <= 6.1.*unaffected
LinuxLinux6.6.13 <= 6.6.*unaffected
LinuxLinux6.7.1 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References