CVE-2023-52436 f2fs: explicitly null-terminate the xattr list

🗓️ 20 Feb 2024 18:34:47Reported by LinuxType

Resolved Linux kernel vulnerability in f2fs by explicitly null-terminating xattr list

Reporter	Title	Published	Views	Family All 133
AstraLinux	Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1	3 May 202623:59	–	astralinux
BDU FSTEC	The vulnerability of the __f2fs_setxattr() function in the fs/f2fs/xattr.c file of the Linux file system’s f2fs kernel module allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.	15 May 202400:00	–	bdu_fstec
Circl	CVE-2023-52436	20 Feb 202422:26	–	circl
CNNVD	Linux kernel security vulnerabilities	20 Feb 202400:00	–	cnnvd
CVE	CVE-2023-52436	20 Feb 202418:34	–	cve
Debian	[SECURITY] [DLA 3840-1] linux security update	27 Jun 202411:30	–	debian
Debian	[SECURITY] [DLA 3841-1] linux-5.10 security update	25 Jun 202419:41	–	debian
Debian CVE	CVE-2023-52436	20 Feb 202418:34	–	debiancve
Tenable Nessus	Debian dla-3840 : hyperv-daemons - security update	27 Jun 202400:00	–	nessus
Tenable Nessus	Debian dla-3841 : linux-config-5.10 - security update	27 Jun 202400:00	–	nessus

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/f2fs/xattr.c"
    ],
    "versions": [
      {
        "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
        "lessThan": "16ae3132ff7746894894927c1892493693b89135",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
        "lessThan": "12cf91e23b126718a96b914f949f2cdfeadc7b2a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
        "lessThan": "3e47740091b05ac8d7836a33afd8646b6863ca52",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
        "lessThan": "32a6cfc67675ee96fe107aeed5af9776fec63f11",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
        "lessThan": "5de9e9dd1828db9b8b962f7ca42548bd596deb8a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
        "lessThan": "2525d1ba225b5c167162fa344013c408e8b4de36",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
        "lessThan": "f6c30bfe5a49bc38cae985083a11016800708fea",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
        "lessThan": "e26b6d39270f5eab0087453d9b544189a38c8564",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/f2fs/xattr.c"
    ],
    "versions": [
      {
        "version": "3.8",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "3.8",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "4.19.306",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "5.4.268",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "5.10.209",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "5.15.148",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.1.74",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.6.13",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.7.1",
        "lessThanOrEqual": "6.7.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.8",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135
git	www.git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a
git	www.git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a
git	www.git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52
git	www.git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea
git	www.git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11
git	www.git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564
git	www.git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36

11 May 2026 19:27Current

7.7High risk

Vulners AI Score7.7

EPSS0.00302