CVE-2023-53662

Summary

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}

If the filename casefolding fails, we'll be leaking memory from the fscrypt_name struct, namely from the 'crypto_buf.name' member.

Make sure we free it in the error path on both ext4_fname_setup_filename() and ext4_fname_prepare_lookup() functions.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1ae98e295fa2577fb5e492200c58d10230e00e99 < 98fc9c2cc45cfcb56961a73de3ec69b474063fc0affected
LinuxLinux1ae98e295fa2577fb5e492200c58d10230e00e99 < 1fb3f1bbfdb511034b0360dbeb0f6a8424ed2a5caffected
LinuxLinux1ae98e295fa2577fb5e492200c58d10230e00e99 < 36daf050be3f6f067631dc52054de2d3b7cc849faffected
LinuxLinux1ae98e295fa2577fb5e492200c58d10230e00e99 < 7ca4b085f430f3774c3838b3da569ceccd6a0177affected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.199 <= 5.15.*unaffected
LinuxLinux6.1.54 <= 6.1.*unaffected
LinuxLinux6.5.4 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

References