PT-2023-9486 · Linux+5 · Linux Kernel+5

Juhyung Park

·

Publicado

2023-12-15

·

Atualizado

2025-01-14

·

CVE-2023-52497

CVSS v3.1

6.1

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the erofs component in the Linux kernel, specifically with the lz4 inplace decompression. The problem arises because the LZ4 algorithm expects the compressed data to be arranged at the end of the decompressed buffer, but erofs typically maps two individual virtual buffers, making the relative order uncertain. This uncertainty can lead to data corruption, particularly on new Intel x86 processors with the FSRM feature, which exposes the issue with "rep movsb". The solution involves strictly using the decompressed buffer for lz4 inplace decompression.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400CWE-787

Identificadores relacionados

BDU:2024-07840
CVE-2023-52497
DLA-3842-1
DSA-5681-1
OPENSUSE-SU-2024_1321-1
OPENSUSE-SU-2024_1322-1
OPENSUSE-SU-2024_1322-2
OPENSUSE-SU-2024_1332-1
OPENSUSE-SU-2024_1332-2
OPENSUSE-SU-2024_1466-1
OPENSUSE-SU-2024_1480-1
OPENSUSE-SU-2024_1490-1
SUSE-SU-2024:1320-1
SUSE-SU-2024:1321-1
SUSE-SU-2024:1466-1
SUSE-SU-2024:1480-1
SUSE-SU-2024:1490-1
USN-6765-1
USN-6818-1
USN-6818-2
USN-6818-3
USN-6818-4
USN-6819-1
USN-6819-2
USN-6819-3
USN-6819-4
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6871-1
USN-6892-1
USN-6919-1
USN-7159-1
USN-7159-2
USN-7159-3
USN-7159-4
USN-7159-5
USN-7195-1
USN-7195-2

Produtos afetados

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu