CVE-2023-53165

Summary

In the Linux kernel, the following vulnerability has been resolved:

udf: Fix uninitialized array access for some pathnames

For filenames that begin with . and are between 2 and 5 characters long, UDF charset conversion code would read uninitialized memory in the output buffer. The only practical impact is that the name may be prepended a "unification hash" when it is not actually needed but still it is good to fix this.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux484a10f49387e4386bf2708532e75bf78ffea2cb < 008ae78d1e12efa904dc819b1ec83e2bca6b2c56affected
LinuxLinux484a10f49387e4386bf2708532e75bf78ffea2cb < b37f998d357102e8eb0f8eeb33f03fff22e49cbfaffected
LinuxLinux484a10f49387e4386bf2708532e75bf78ffea2cb < 3f1368af47acf4d0b2a5fb0d2c0d6919d2234b6daffected
LinuxLinux484a10f49387e4386bf2708532e75bf78ffea2cb < 4503f6fc95d6dee85fb2c54785848799e192c51caffected
LinuxLinux484a10f49387e4386bf2708532e75bf78ffea2cb < 985f9666698960dfc87a106d6314203fa90fda75affected
LinuxLinux484a10f49387e4386bf2708532e75bf78ffea2cb < a6824149809395dfbb5bc36bc7057cc3cb84e56daffected
LinuxLinux484a10f49387e4386bf2708532e75bf78ffea2cb < 4d50988da0db167aed6f38685145cb5cd526c4f8affected
LinuxLinux484a10f49387e4386bf2708532e75bf78ffea2cb < 028f6055c912588e6f72722d89c30b401bbcf013affected
LinuxLinux4.6affected
LinuxLinux0 < 4.6unaffected
LinuxLinux4.14.324 <= 4.14.*unaffected
LinuxLinux4.19.293 <= 4.19.*unaffected
LinuxLinux5.4.255 <= 5.4.*unaffected
LinuxLinux5.10.192 <= 5.10.*unaffected
LinuxLinux5.15.123 <= 5.15.*unaffected
LinuxLinux6.1.42 <= 6.1.*unaffected
LinuxLinux6.4.7 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

References