CVE-2023-52852

2024-05-2116:15:22

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

f2fs vulnerability

use-after-free

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.8%

JSON

In the Linux kernel, the following vulnerability has been resolved:

f2fs: compress: fix to avoid use-after-free on dic

Call trace:
__memcpy+0x128/0x250
f2fs_read_multi_pages+0x940/0xf7c
f2fs_mpage_readpages+0x5a8/0x624
f2fs_readahead+0x5c/0x110
page_cache_ra_unbounded+0x1b8/0x590
do_sync_mmap_readahead+0x1dc/0x2e4
filemap_fault+0x254/0xa8c
f2fs_filemap_fault+0x2c/0x104
__do_fault+0x7c/0x238
do_handle_mm_fault+0x11bc/0x2d14
do_mem_abort+0x3a8/0x1004
el0_da+0x3c/0xa0
el0t_64_sync_handler+0xc4/0xec
el0t_64_sync+0x1b4/0x1b8

In f2fs_read_multi_pages(), once f2fs_decompress_cluster() was called if
we hit cached page in compress_inode’s cache, dic may be released, it needs
break the loop rather than continuing it, in order to avoid accessing
invalid dic pointer.

Affected configurations

Vulners

Node

linuxlinux_kernelRange5.14–5.15.139

linuxlinux_kernelRange5.16.0–6.1.63

linuxlinux_kernelRange6.2.0–6.5.12

linuxlinux_kernelRange6.6.0–6.6.2

linuxlinux_kernelRange6.7.0≥

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/f2fs/data.c"
    ],
    "versions": [
      {
        "version": "6ce19aff0b8c",
        "lessThan": "8c4504cc0c64",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "6ce19aff0b8c",
        "lessThan": "9375ea7f2690",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "6ce19aff0b8c",
        "lessThan": "932ddb5c29e8",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "6ce19aff0b8c",
        "lessThan": "9d065aa52b6e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "6ce19aff0b8c",
        "lessThan": "b0327c84e91a",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/f2fs/data.c"
    ],
    "versions": [
      {
        "version": "5.14",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.14",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.139",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.63",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.5.12",
        "lessThanOrEqual": "6.5.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.2",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.7",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]