Lucene search

K
redhatcveRedhat.comRH:CVE-2023-52779
HistoryMay 23, 2024 - 11:09 a.m.

CVE-2023-52779

2024-05-2311:09:56
redhat.com
access.redhat.com
3
linux kernel
vulnerability
filesystem
getattr_nosec
security checks
overlayfs
ecryptfs
ima
null pointer
dereference

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

In the Linux kernel, the following vulnerability has been resolved: fs: Pass AT_GETATTR_NOSEC flag to getattr interface function When vfs_getattr_nosec() calls a filesystem’s getattr interface function then the ‘nosec’ should propagate into this function so that vfs_getattr_nosec() can again be called from the filesystem’s gettattr rather than vfs_getattr(). The latter would add unnecessary security checks that the initial vfs_getattr_nosec() call wanted to avoid. Therefore, introduce the getattr flag GETATTR_NOSEC and allow to pass with the new getattr_flags parameter to the getattr interface function. In overlayfs and ecryptfs use this flag to determine which one of the two functions to call. In a recent code change introduced to IMA vfs_getattr_nosec() ended up calling vfs_getattr() in overlayfs, which in turn called security_inode_getattr() on an exiting process that did not have current->fs set anymore, which then caused a kernel NULL pointer dereference. With this change the call to security_inode_getattr() can be avoided, thus avoiding the NULL pointer dereference.

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%