7.8

CVE-2023-53506

udf: Do not bother merging very long extents

In the Linux kernel, the following vulnerability has been resolved:

udf: Do not bother merging very long extents

When merging very long extents we try to push as much length as possible
to the first extent. However this is unnecessarily complicated and not
really worth the trouble. Furthermore there was a bug in the logic
resulting in corrupting extents in the file as syzbot reproducer shows.
So just don't bother with the merging of extents that are too long
together.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.12.1 < 4.14.308
LinuxLinux Kernel Version >= 4.15 < 4.19.276
LinuxLinux Kernel Version >= 4.20 < 5.4.235
LinuxLinux Kernel Version >= 5.5 < 5.10.173
LinuxLinux Kernel Version >= 5.11 < 5.15.99
LinuxLinux Kernel Version >= 5.16 < 6.1.16
LinuxLinux Kernel Version >= 6.2 < 6.2.3
LinuxLinux Kernel Version2.6.12 Update-
LinuxLinux Kernel Version2.6.12 Updaterc2
LinuxLinux Kernel Version2.6.12 Updaterc3
LinuxLinux Kernel Version2.6.12 Updaterc4
LinuxLinux Kernel Version2.6.12 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.049
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/3d20e3b768aff32112bdce8d3219d923ae75f9f1
Patch
https://git.kernel.org/stable/c/53cafe1d6d8ef9f93318e5bfccc0d24f27d41ced
Patch
https://git.kernel.org/stable/c/5d029799d381a9ee06209a222cae75f04c5d5304
Patch
https://git.kernel.org/stable/c/7a965da79f2d22601f329cbfce588386b0847544
Patch
https://git.kernel.org/stable/c/965982feb333aefa9256c0fe188b5f1b958aef63
Patch
https://git.kernel.org/stable/c/9a8d602f0723586e668bae7e65c832ceb9bcc8bc
Patch
https://git.kernel.org/stable/c/adac9ac6d2e04ea0782b91a00ba10706002f3ec4
Patch
https://git.kernel.org/stable/c/d52252a1de4cf96a34f722b0cd8902d8ff78eb57
Patch