Vulnerability Details : CVE-2023-52436
In the Linux kernel, the following vulnerability has been resolved:
f2fs: explicitly null-terminate the xattr list
When setting an xattr, explicitly null-terminate the xattr list. This
eliminates the fragile assumption that the unused xattr space is always
zeroed.
Products affected by CVE-2023-52436
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-52436
0.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 1 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-52436
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-04-19 |
References for CVE-2023-52436
-
https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52
f2fs: explicitly null-terminate the xattr list - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
[SECURITY] [DLA 3841-1] linux-5.10 security update
-
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
[SECURITY] [DLA 3840-1] linux security update
-
https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a
f2fs: explicitly null-terminate the xattr list - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a
f2fs: explicitly null-terminate the xattr list - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135
f2fs: explicitly null-terminate the xattr list - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea
f2fs: explicitly null-terminate the xattr list - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36
f2fs: explicitly null-terminate the xattr list - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564
f2fs: explicitly null-terminate the xattr list - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11
f2fs: explicitly null-terminate the xattr list - kernel/git/stable/linux.git - Linux kernel stable treePatch
Jump to