CVE-2023-54313

EPSS 0.03%
Veröffentlicht 30.12.2025 12:23:44
Zuletzt bearbeitet 31.12.2025 20:42:43
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ovl: fix null pointer dereference in ovl_get_acl_rcu()

Following process:
         P1                     P2
 path_openat
  link_path_walk
   may_lookup
    inode_permission(rcu)
     ovl_permission
      acl_permission_check
       check_acl
        get_cached_acl_rcu
	 ovl_get_inode_acl
	  realinode = ovl_inode_real(ovl_inode)
	                      drop_cache
		               __dentry_kill(ovl_dentry)
				iput(ovl_inode)
		                 ovl_destroy_inode(ovl_inode)
		                  dput(oi->__upperdentry)
		                   dentry_kill(upperdentry)
		                    dentry_unlink_inode
				     upperdentry->d_inode = NULL
	    ovl_inode_upper
	     upperdentry = ovl_i_dentry_upper(ovl_inode)
	     d_inode(upperdentry) // returns NULL
	  IS_POSIXACL(realinode) // NULL pointer dereference
, will trigger an null pointer dereference at realinode:
  [  205.472797] BUG: kernel NULL pointer dereference, address:
                 0000000000000028
  [  205.476701] CPU: 2 PID: 2713 Comm: ls Not tainted
                 6.3.0-12064-g2edfa098e750-dirty #1216
  [  205.478754] RIP: 0010:do_ovl_get_acl+0x5d/0x300
  [  205.489584] Call Trace:
  [  205.489812]  <TASK>
  [  205.490014]  ovl_get_inode_acl+0x26/0x30
  [  205.490466]  get_cached_acl_rcu+0x61/0xa0
  [  205.490908]  generic_permission+0x1bf/0x4e0
  [  205.491447]  ovl_permission+0x79/0x1b0
  [  205.491917]  inode_permission+0x15e/0x2c0
  [  205.492425]  link_path_walk+0x115/0x550
  [  205.493311]  path_lookupat.isra.0+0xb2/0x200
  [  205.493803]  filename_lookup+0xda/0x240
  [  205.495747]  vfs_fstatat+0x7b/0xb0

Fetch a reproducer in [Link].

Use the helper ovl_i_path_realinode() to get realinode and then do
non-nullptr checking.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < d97481c7b2739a704848bb3c01f224dc71bdf78e

Version 332f606b32b6291a944c8cf23b91f53a6e676525

Status affected

Version < c4a5fb1ae5d3f02d3227afde2b9339994389463d

Version 332f606b32b6291a944c8cf23b91f53a6e676525

Status affected

Version < d536af163c53ce9f9bcfe87d2e9946f06f1a7ea4

Version 332f606b32b6291a944c8cf23b91f53a6e676525

Status affected

Version < f4e19e595cc2e76a8a58413eb19d3d9c51328b53

Version 332f606b32b6291a944c8cf23b91f53a6e676525

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.121

Status unaffected

Version <= 6.1.*

Version 6.1.40

Status unaffected

Version <= 6.4.*

Version 6.4.4

Status unaffected

Version <= *

Version 6.5

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/d97481c7b2739a704848bb3c01f224dc71bdf78e

https://git.kernel.org/stable/c/c4a5fb1ae5d3f02d3227afde2b9339994389463d

https://git.kernel.org/stable/c/d536af163c53ce9f9bcfe87d2e9946f06f1a7ea4

https://git.kernel.org/stable/c/f4e19e595cc2e76a8a58413eb19d3d9c51328b53

https://nvd.nist.gov/vuln/detail/CVE-2023-54313

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54313

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54313

EUVD