-

CVE-2023-54132

In the Linux kernel, the following vulnerability has been resolved:

erofs: stop parsing non-compact HEAD index if clusterofs is invalid

Syzbot generated a crafted image [1] with a non-compact HEAD index of
clusterofs 33024 while valid numbers should be 0 ~ lclustersize-1,
which causes the following unexpected behavior as below:

 BUG: unable to handle page fault for address: fffff52101a3fff9
 #PF: supervisor read access in kernel mode
 #PF: error_code(0x0000) - not-present page
 PGD 23ffed067 P4D 23ffed067 PUD 0
 Oops: 0000 [#1] PREEMPT SMP KASAN
 CPU: 1 PID: 4398 Comm: kworker/u5:1 Not tainted 6.3.0-rc6-syzkaller-g09a9639e56c0 #0
 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
 Workqueue: erofs_worker z_erofs_decompressqueue_work
 RIP: 0010:z_erofs_decompress_queue+0xb7e/0x2b40
 ...
 Call Trace:
  <TASK>
  z_erofs_decompressqueue_work+0x99/0xe0
  process_one_work+0x8f6/0x1170
  worker_thread+0xa63/0x1210
  kthread+0x270/0x300
  ret_from_fork+0x1f/0x30

Note that normal images or images using compact indexes are not
impacted.  Let's fix this now.

[1] https://lore.kernel.org/r/000000000000ec75b005ee97fbaa@google.com
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 880c79bdb002b9d5b6940e52c2ad3829c2178207
Version 02827e1796b33f1794966f5c3101f8da2dfa9c1d
Status affected
Version < 7a4579cd6e4936de107c82499c3c9ee11b63401e
Version 02827e1796b33f1794966f5c3101f8da2dfa9c1d
Status affected
Version < 060fecf1114ff9fcfe87953fe8c4fc5048777160
Version 02827e1796b33f1794966f5c3101f8da2dfa9c1d
Status affected
Version < 7ee7a86e28ce9ead7112286c388df8d254c373c6
Version 02827e1796b33f1794966f5c3101f8da2dfa9c1d
Status affected
Version < f01b2894928affa3339d355608713cf3db8360b8
Version 02827e1796b33f1794966f5c3101f8da2dfa9c1d
Status affected
Version < 96a845419b3722869f09883319de4d55c44d9aef
Version 02827e1796b33f1794966f5c3101f8da2dfa9c1d
Status affected
Version < cc4efd3dd2ac9f89143e5d881609747ecff04164
Version 02827e1796b33f1794966f5c3101f8da2dfa9c1d
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 4.19
Status affected
Version < 4.19
Version 0
Status unaffected
Version <= 5.4.*
Version 5.4.243
Status unaffected
Version <= 5.10.*
Version 5.10.180
Status unaffected
Version <= 5.15.*
Version 5.15.111
Status unaffected
Version <= 6.1.*
Version 6.1.28
Status unaffected
Version <= 6.2.*
Version 6.2.15
Status unaffected
Version <= 6.3.*
Version 6.3.2
Status unaffected
Version <= *
Version 6.4
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.12
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.