7.8
CVE-2023-52444
- EPSS 0.25%
- Veröffentlicht 22.02.2024 17:15:08
- Zuletzt bearbeitet 21.11.2024 08:39:46
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
f2fs: fix to avoid dirent corruption
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid dirent corruption As Al reported in link[1]: f2fs_rename() ... if (old_dir != new_dir && !whiteout) f2fs_set_link(old_inode, old_dir_entry, old_dir_page, new_dir); else f2fs_put_page(old_dir_page, 0); You want correct inumber in the ".." link. And cross-directory rename does move the source to new parent, even if you'd been asked to leave a whiteout in the old place. [1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/ With below testcase, it may cause dirent corruption, due to it missed to call f2fs_set_link() to update ".." link to new directory. - mkdir -p dir/foo - renameat2 -w dir/foo bar [ASSERT] (__chk_dots_dentries:1421) --> Bad inode number[0x4] for '..', parent parent ino is [0x3] [FSCK] other corrupted bugs [Fail]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.2.0 < 4.19.306
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.268
Linux ≫ Linux Kernel Version >= 5.5.0 < 5.10.209
Linux ≫ Linux Kernel Version >= 5.11.0 < 5.15.148
Linux ≫ Linux Kernel Version >= 5.16.0 < 6.1.75
Linux ≫ Linux Kernel Version >= 6.2.0 < 6.6.14
Linux ≫ Linux Kernel Version >= 6.7.0 < 6.7.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.154 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://git.kernel.org/stable/c/02160112e6d45c2610b049df6eb693d7a2e57b46
https://git.kernel.org/stable/c/2fb4867f4405aea8c0519d7d188207f232a57862
https://git.kernel.org/stable/c/53edb549565f55ccd0bdf43be3d66ce4c2d48b28
https://git.kernel.org/stable/c/5624a3c1b1ebc8991318e1cce2aa719542991024
https://git.kernel.org/stable/c/6f866885e147d33efc497f1095f35b2ee5ec7310
https://git.kernel.org/stable/c/d3c0b49aaa12a61d560528f5d605029ab57f0728
https://git.kernel.org/stable/c/f0145860c20be6bae6785c7a2249577674702ac7
https://git.kernel.org/stable/c/f100ba617d8be6c98a68f3744ef7617082975b77