In the Linux kernel, the following vulnerability has been resolved:

fs: Pass AT_GETATTR_NOSEC flag to getattr interface function

When vfs_getattr_nosec() calls a filesystem’s getattr interface function then
the ‘nosec’ should propagate into this function so that vfs_getattr_nosec()
can again be called from the filesystem’s getattr rather than
vfs_getattr(). The latter would add unnecessary security checks that the
initial vfs_getattr_nosec() call wanted to avoid. Therefore, introduce the
getattr flag GETATTR_NOSEC and allow to pass with the new getattr_flags
parameter to the getattr interface function. In overlayfs and ecryptfs use
this flag to determine which one of the two functions to call.

In a recent code change introduced to IMA vfs_getattr_nosec() ended up calling
vfs_getattr() in overlayfs, which in turn called security_inode_getattr()
on an exiting process that did not have current->fs set anymore, which then
caused a kernel NULL pointer dereference. With this change the call to
security_inode_getattr() can be avoided, thus avoiding the NULL pointer
dereference.
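
The flag propagation described above, as an added userspace C model (not kernel code, and not taken from the advisory or the upstream patch). The struct layouts, `MODEL_OOPS`, `nosec_query`, the `stacked_getattr_*` names and the flag's bit value are assumptions made for the model; the NULL dereference is represented by a return code instead of a crash.

```c
#include <stddef.h>

/* Userspace model: simplified stand-ins for kernel types, not kernel code. */
#define AT_GETATTR_NOSEC 0x1u  /* placeholder bit value for this model only */
#define MODEL_OOPS (-1)        /* stands in for the NULL pointer dereference */

struct fs_struct { int users; };
struct task { struct fs_struct *fs; };  /* models current; fs is NULL when exiting */
struct inode;
typedef int (*getattr_fn)(struct task *, struct inode *, unsigned int flags);
struct inode { getattr_fn getattr; struct inode *lower; };

int security_hook_calls;

/* Models security_inode_getattr(), which relies on current->fs being set. */
int security_inode_getattr(struct task *cur) {
    security_hook_calls++;
    return cur->fs ? 0 : MODEL_OOPS;
}

/* The nosec entry point tags the request before calling into the filesystem. */
int vfs_getattr_nosec(struct task *cur, struct inode *in, unsigned int flags) {
    return in->getattr ? in->getattr(cur, in, flags | AT_GETATTR_NOSEC) : 0;
}

/* The checked entry point runs the security hook first. */
int vfs_getattr(struct task *cur, struct inode *in, unsigned int flags) {
    int ret = security_inode_getattr(cur);
    return ret ? ret : vfs_getattr_nosec(cur, in, flags);
}

/* Before the fix: the stacked getattr cannot tell how it was reached and
 * always re-enters the checked path for the lower inode. */
int stacked_getattr_before(struct task *cur, struct inode *in, unsigned int flags) {
    (void)flags;
    return vfs_getattr(cur, in->lower, 0);
}

/* After the fix: the flag selects which of the two functions to call. */
int stacked_getattr_after(struct task *cur, struct inode *in, unsigned int flags) {
    if (flags & AT_GETATTR_NOSEC)
        return vfs_getattr_nosec(cur, in->lower, flags);
    return vfs_getattr(cur, in->lower, flags);
}

/* A caller that asks for attributes of a stacked inode without security checks. */
int nosec_query(getattr_fn stacked, struct task *cur) {
    struct inode lower = { NULL, NULL };
    struct inode upper = { stacked, &lower };
    security_hook_calls = 0;
    return vfs_getattr_nosec(cur, &upper, 0);
}
```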

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/8a924db2d7b5eb69ba08b1a0af46e9f1359a9bdf (6.7-rc3)
git.kernel.org/stable/c/3fb0fa08641903304b9d81d52a379ff031dc41d4
git.kernel.org/stable/c/8a924db2d7b5eb69ba08b1a0af46e9f1359a9bdf
launchpad.net/bugs/cve/CVE-2023-52779
nvd.nist.gov/vuln/detail/CVE-2023-52779
security-tracker.debian.org/tracker/CVE-2023-52779
www.cve.org/CVERecord?id=CVE-2023-52779