History: Feb 22, 2024 - 12:00 a.m.

CVE-2023-52444

ubuntu.com
linux kernel
f2fs vulnerability
dirent corruption
filesystem security
cve-2023-52444

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.6 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid dirent corruption

As Al reported in link[1]:

f2fs_rename()
...
	if (old_dir != new_dir && !whiteout)
		f2fs_set_link(old_inode, old_dir_entry, old_dir_page, new_dir);
	else
		f2fs_put_page(old_dir_page, 0);

You want correct inumber in the ".." link. And cross-directory rename does
move the source to new parent, even if you'd been asked to leave a whiteout
in the old place.

[1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/

With below testcase, it may cause dirent corruption, due to it missed to call
f2fs_set_link() to update ".." link to new directory.
- mkdir -p dir/foo
- renameat2 -w dir/foo bar

[ASSERT] (__chk_dots_dentries:1421) --> Bad inode number[0x4] for '..', parent parent ino is [0x3]
[FSCK] other corrupted bugs [Fail]

Notes

Author: rodrigo-zaiden
Note: USN-6765-1 for linux-oem-6.5 wrongly stated that this CVE was fixed in version 6.5.0-1022.23. The mentioned notice was revoked and the state of the fix for linux-oem-6.5 was recovered to the previous state.