CVE-2023-52852
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: compress: fix to avoid use-after-free on dic
Call trace: __memcpy+0x128/0x250 f2fs_read_multi_pages+0x940/0xf7c f2fs_mpage_readpages+0x5a8/0x624 f2fs_readahead+0x5c/0x110 page_cache_ra_unbounded+0x1b8/0x590 do_sync_mmap_readahead+0x1dc/0x2e4 filemap_fault+0x254/0xa8c f2fs_filemap_fault+0x2c/0x104 __do_fault+0x7c/0x238 do_handle_mm_fault+0x11bc/0x2d14 do_mem_abort+0x3a8/0x1004 el0_da+0x3c/0xa0 el0t_64_sync_handler+0xc4/0xec el0t_64_sync+0x1b4/0x1b8
In f2fs_read_multi_pages(), once f2fs_decompress_cluster() was called if we hit cached page in compress_inode's cache, dic may be released, it needs break the loop rather than continuing it, in order to avoid accessing invalid dic pointer.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 6ce19aff0b8cd386860855185c6cd79337fc4d2b < 8c4504cc0c64862740a6acb301e0cfa59580dbc5 | affected |
| Linux | Linux | 6ce19aff0b8cd386860855185c6cd79337fc4d2b < 9375ea7f269093d7c884857ae1f47633a91f429c | affected |
| Linux | Linux | 6ce19aff0b8cd386860855185c6cd79337fc4d2b < 932ddb5c29e884cc6fac20417ece72ba4a35c401 | affected |
| Linux | Linux | 6ce19aff0b8cd386860855185c6cd79337fc4d2b < 9d065aa52b6ee1b06f9c4eca881c9b4425a12ba2 | affected |
| Linux | Linux | 6ce19aff0b8cd386860855185c6cd79337fc4d2b < b0327c84e91a0f4f0abced8cb83ec86a7083f086 | affected |
| Linux | Linux | a23706426da9b611be5beae0f3faa260fb453b4e | affected |
| Linux | Linux | 5.13.19 < 5.14 | affected |
| Linux | Linux | 5.14 | affected |
| Linux | Linux | 0 < 5.14 | unaffected |
| Linux | Linux | 5.15.139 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.63 <= 6.1.* | unaffected |
| Linux | Linux | 6.5.12 <= 6.5.* | unaffected |
| Linux | Linux | 6.6.2 <= 6.6.* | unaffected |
| Linux | Linux | 6.7 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/8c4504cc0c64862740a6acb301e0cfa59580dbc5
- https://git.kernel.org/stable/c/9375ea7f269093d7c884857ae1f47633a91f429c
- https://git.kernel.org/stable/c/932ddb5c29e884cc6fac20417ece72ba4a35c401
- https://git.kernel.org/stable/c/9d065aa52b6ee1b06f9c4eca881c9b4425a12ba2
- https://git.kernel.org/stable/c/b0327c84e91a0f4f0abced8cb83ec86a7083f086
References
- https://git.kernel.org/stable/c/8c4504cc0c64862740a6acb301e0cfa59580dbc5
- https://git.kernel.org/stable/c/9375ea7f269093d7c884857ae1f47633a91f429c
- https://git.kernel.org/stable/c/932ddb5c29e884cc6fac20417ece72ba4a35c401
- https://git.kernel.org/stable/c/9d065aa52b6ee1b06f9c4eca881c9b4425a12ba2
- https://git.kernel.org/stable/c/b0327c84e91a0f4f0abced8cb83ec86a7083f086
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.