CVE-2023-52436
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/02/2024
Last modified:
04/11/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
f2fs: explicitly null-terminate the xattr list<br />
<br />
When setting an xattr, explicitly null-terminate the xattr list. This<br />
eliminates the fragile assumption that the unused xattr space is always<br />
zeroed.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.306 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20.0 (including) | 5.4.268 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5.0 (including) | 5.10.209 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11.0 (including) | 5.15.148 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16.0 (including) | 6.1.74 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2.0 (including) | 6.6.13 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7.0 (including) | 6.7.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a
- https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135
- https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36
- https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11
- https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52
- https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a
- https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564
- https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea