CVE-2023-53506

Summary

In the Linux kernel, the following vulnerability has been resolved:

udf: Do not bother merging very long extents

When merging very long extents we try to push as much length as possible to the first extent. However this is unnecessarily complicated and not really worth the trouble. Furthermore there was a bug in the logic resulting in corrupting extents in the file as syzbot reproducer shows. So just don't bother with the merging of extents that are too long together.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d52252a1de4cf96a34f722b0cd8902d8ff78eb57affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5d029799d381a9ee06209a222cae75f04c5d5304affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3d20e3b768aff32112bdce8d3219d923ae75f9f1affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 965982feb333aefa9256c0fe188b5f1b958aef63affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9a8d602f0723586e668bae7e65c832ceb9bcc8bcaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < adac9ac6d2e04ea0782b91a00ba10706002f3ec4affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7a965da79f2d22601f329cbfce588386b0847544affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 53cafe1d6d8ef9f93318e5bfccc0d24f27d41cedaffected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux4.14.308 <= 4.14.*unaffected
LinuxLinux4.19.276 <= 4.19.*unaffected
LinuxLinux5.4.235 <= 5.4.*unaffected
LinuxLinux5.10.173 <= 5.10.*unaffected
LinuxLinux5.15.99 <= 5.15.*unaffected
LinuxLinux6.1.16 <= 6.1.*unaffected
LinuxLinux6.2.3 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References