Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2023-52852
HistoryMay 21, 2024 - 4:15 p.m.

CVE-2023-52852

2024-05-2116:15:22
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
linux kernel
vulnerability
f2fs
compress
use-after-free
dic

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

f2fs: compress: fix to avoid use-after-free on dic

Call trace:
__memcpy+0x128/0x250
f2fs_read_multi_pages+0x940/0xf7c
f2fs_mpage_readpages+0x5a8/0x624
f2fs_readahead+0x5c/0x110
page_cache_ra_unbounded+0x1b8/0x590
do_sync_mmap_readahead+0x1dc/0x2e4
filemap_fault+0x254/0xa8c
f2fs_filemap_fault+0x2c/0x104
__do_fault+0x7c/0x238
do_handle_mm_fault+0x11bc/0x2d14
do_mem_abort+0x3a8/0x1004
el0_da+0x3c/0xa0
el0t_64_sync_handler+0xc4/0xec
el0t_64_sync+0x1b4/0x1b8

In f2fs_read_multi_pages(), once f2fs_decompress_cluster() was called if
we hit cached page in compress_inode’s cache, dic may be released, it needs
break the loop rather than continuing it, in order to avoid accessing
invalid dic pointer.

Related

cvelist 1
vulnrichment 1
ubuntucve 1
cve 1
redhatcve 1
debiancve 1
cvelist
cvelist
CVE-2023-52852 f2fs: compress: fix to avoid use-after-free on dic
2024-05-21 15:31:47
vulnrichment
vulnrichment
CVE-2023-52852 f2fs: compress: fix to avoid use-after-free on dic
2024-05-21 15:31:47
ubuntucve
ubuntucve
CVE-2023-52852
2024-05-21 00:00:00
cve
cve
CVE-2023-52852
2024-05-21 16:15:22
redhatcve
redhatcve
CVE-2023-52852
2024-05-23 11:00:40
debiancve
debiancve
CVE-2023-52852
2024-05-21 16:15:22

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON
Related for NVD:CVE-2023-52852
cvelist1vulnrichment1ubuntucve1cve1redhatcve1debiancve1