LinuxVULNRICHMENT:CVE-2023-52436CVE-2023-52436 f2fs: explicitly null-terminate the xattr list
In the Linux kernel, the following vulnerability has been resolved:
f2fs: explicitly null-terminate the xattr list
When setting an xattr, explicitly null-terminate the xattr list. This
eliminates the fragile assumption that the unused xattr space is always
zeroed.
CNA Affected
[
{
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"product": "Linux",
"versions": [
{
"status": "affected",
"version": "1da177e4c3f4",
"lessThan": "16ae3132ff77",
"versionType": "git"
},
{
"status": "affected",
"version": "1da177e4c3f4",
"lessThan": "12cf91e23b12",
"versionType": "git"
},
{
"status": "affected",
"version": "1da177e4c3f4",
"lessThan": "3e47740091b0",
"versionType": "git"
},
{
"status": "affected",
"version": "1da177e4c3f4",
"lessThan": "32a6cfc67675",
"versionType": "git"
},
{
"status": "affected",
"version": "1da177e4c3f4",
"lessThan": "5de9e9dd1828",
"versionType": "git"
},
{
"status": "affected",
"version": "1da177e4c3f4",
"lessThan": "2525d1ba225b",
"versionType": "git"
},
{
"status": "affected",
"version": "1da177e4c3f4",
"lessThan": "f6c30bfe5a49",
"versionType": "git"
},
{
"status": "affected",
"version": "1da177e4c3f4",
"lessThan": "e26b6d39270f",
"versionType": "git"
}
],
"programFiles": [
"fs/f2fs/xattr.c"
],
"defaultStatus": "unaffected"
},
{
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"product": "Linux",
"versions": [
{
"status": "unaffected",
"version": "4.19.306",
"versionType": "custom",
"lessThanOrEqual": "4.19.*"
},
{
"status": "unaffected",
"version": "5.4.268",
"versionType": "custom",
"lessThanOrEqual": "5.4.*"
},
{
"status": "unaffected",
"version": "5.10.209",
"versionType": "custom",
"lessThanOrEqual": "5.10.*"
},
{
"status": "unaffected",
"version": "5.15.148",
"versionType": "custom",
"lessThanOrEqual": "5.15.*"
},
{
"status": "unaffected",
"version": "6.1.74",
"versionType": "custom",
"lessThanOrEqual": "6.1.*"
},
{
"status": "unaffected",
"version": "6.6.13",
"versionType": "custom",
"lessThanOrEqual": "6.6.*"
},
{
"status": "unaffected",
"version": "6.7.1",
"versionType": "custom",
"lessThanOrEqual": "6.7.*"
},
{
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix",
"lessThanOrEqual": "*"
}
],
"programFiles": [
"fs/f2fs/xattr.c"
],
"defaultStatus": "affected"
}
]References
git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a
git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135
git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36
git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11
git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52
git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a
git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564
git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea
lists.debian.org/debian-lts-announce/2024/06/msg00016.html
lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Related
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%