7.8

CVE-2023-53081

ocfs2: fix data corruption after failed write

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix data corruption after failed write

When buffered write fails to copy data into underlying page cache page,
ocfs2_write_end_nolock() just zeroes out and dirties the page.  This can
leave dirty page beyond EOF and if page writeback tries to write this page
before write succeeds and expands i_size, page gets into inconsistent
state where page dirty bit is clear but buffer dirty bits stay set
resulting in page data never getting written and so data copied to the
page is lost.  Fix the problem by invalidating page beyond EOF after
failed write.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.9.242 < 4.10
LinuxLinux Kernel Version >= 4.14.204 < 4.14.312
LinuxLinux Kernel Version >= 4.19.155 < 4.19.280
LinuxLinux Kernel Version >= 5.4.75 < 5.4.240
LinuxLinux Kernel Version >= 5.9.5 < 5.10.177
LinuxLinux Kernel Version >= 5.11 < 5.15.105
LinuxLinux Kernel Version >= 5.16 < 6.1.21
LinuxLinux Kernel Version >= 6.2 < 6.2.8
LinuxLinux Kernel Version6.3 Updaterc1
LinuxLinux Kernel Version6.3 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.072
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/1629f6f522b2d058019710466a84b240683bbee3
Patch
https://git.kernel.org/stable/c/c26f3ff4c0be590c1250f945ac2e4fc5fcdc5f45
Patch
https://git.kernel.org/stable/c/4c24eb49ab44351424ac8fe8567f91ea48a06089
Patch
https://git.kernel.org/stable/c/91d7a4bd5656552d6259e2d0f8859f9e8cc5ef68
Patch
https://git.kernel.org/stable/c/a9e53869cb43c96d6d851c491fd4e26430ab6ba6
Patch
https://git.kernel.org/stable/c/47eb055ad3588fc96d34e9e1dd87b210ce62906b
Patch
https://git.kernel.org/stable/c/205759c6c18f54659b0b5976b14a52d1b3eb9f57
Patch
https://git.kernel.org/stable/c/90410bcf873cf05f54a32183afff0161f44f9715
Patch