CVE-2023-52526

Summary

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix memory leak of LZMA global compressed deduplication

When stressing microLZMA EROFS images with the new global compressed deduplication feature enabled (-Ededupe), I found some short-lived temporary pages weren't properly released, which could slowly cause unexpected OOMs hours later.

Let's fix it now (LZ4 and DEFLATE don't have this issue.)

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5c2a64252c5dc4cfe78e5b2a531c118894e3d155 < 6a5a8f0a9740f865693d5aa97a42cc4504538e18affected
LinuxLinux5c2a64252c5dc4cfe78e5b2a531c118894e3d155 < c955751cbf864cf2055117dd3fe7f780d2a57b56affected
LinuxLinux5c2a64252c5dc4cfe78e5b2a531c118894e3d155 < 75a5221630fe5aa3fedba7a06be618db0f79ba1eaffected
LinuxLinux6.1affected
LinuxLinux0 < 6.1unaffected
LinuxLinux6.1.57 <= 6.1.*unaffected
LinuxLinux6.5.7 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References