5.5

CVE-2023-34256

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 6.3.3
SuseLinux Enterprise Version12.0 Updatesp5
SuseLinux Enterprise Version15.0 Updatesp4
SuseLinux Enterprise Version15.0 Updatesp5
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.156
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
Third Party Advisory
Mailing List
https://bugzilla.suse.com/show_bug.cgi?id=1211895
Patch
Third Party Advisory
Issue Tracking
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3
Patch
Mailing List
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31
Patch
Mailing List
https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321
Patch
Mailing List