CVE-2023-52852

Severity CVSS v4.0:

Pending analysis

Type:

CWE-416 Use After Free

Publication date:

21/05/2024

Last modified:

30/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to avoid use-after-free on dic Call trace: __memcpy+0x128/0x250 f2fs_read_multi_pages+0x940/0xf7c f2fs_mpage_readpages+0x5a8/0x624 f2fs_readahead+0x5c/0x110 page_cache_ra_unbounded+0x1b8/0x590 do_sync_mmap_readahead+0x1dc/0x2e4 filemap_fault+0x254/0xa8c f2fs_filemap_fault+0x2c/0x104 __do_fault+0x7c/0x238 do_handle_mm_fault+0x11bc/0x2d14 do_mem_abort+0x3a8/0x1004 el0_da+0x3c/0xa0 el0t_64_sync_handler+0xc4/0xec el0t_64_sync+0x1b4/0x1b8 In f2fs_read_multi_pages(), once f2fs_decompress_cluster() was called if we hit cached page in compress_inode&#39;s cache, dic may be released, it needs break the loop rather than continuing it, in order to avoid accessing invalid dic pointer.

Impact

Vector 3.x

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.80 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

7.80

Severity 3.x

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:linux:linux_kernel::::::::	5.13.19 (including)	5.15.139 (excluding)
cpe:2.3:o:linux:linux_kernel::::::::	5.16 (including)	6.1.63 (excluding)
cpe:2.3:o:linux:linux_kernel::::::::	6.2 (including)	6.5.12 (excluding)
cpe:2.3:o:linux:linux_kernel::::::::	6.6 (including)	6.6.2 (excluding)

To consult the complete list of CPE names with products and versions, see this page

CVE-2023-52852

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools