7.8

CVE-2023-52436

f2fs: explicitly null-terminate the xattr list

In the Linux kernel, the following vulnerability has been resolved:

f2fs: explicitly null-terminate the xattr list

When setting an xattr, explicitly null-terminate the xattr list.  This
eliminates the fragile assumption that the unused xattr space is always
zeroed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.19.306
LinuxLinux Kernel Version >= 4.20.0 < 5.4.268
LinuxLinux Kernel Version >= 5.5.0 < 5.10.209
LinuxLinux Kernel Version >= 5.11.0 < 5.15.148
LinuxLinux Kernel Version >= 5.16.0 < 6.1.74
LinuxLinux Kernel Version >= 6.2.0 < 6.6.13
LinuxLinux Kernel Version >= 6.7.0 < 6.7.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.217
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a
Patch
https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135
Patch
https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36
Patch
https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11
Patch
https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52
Patch
https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a
Patch
https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564
Patch
https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea
Patch