CVE-2023-52900

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The vulnerability is related to the nilfs2 component of the Linux kernel. It occurs when nilfs2 reads a corrupted disk image and attempts to read a b-tree node block using an invalid virtual block address. The error code returned in this case is the same as the internal code used by b-tree lookup routines to indicate that a block does not exist, leading to potential misbehavior of functions operating on the b-tree. Specifically, when nilfs btree insert() receives this spurious 'not found' code from nilfs btree do lookup(), it misunderstands the 'not found' check as successful and continues the insert operation using incomplete lookup path data, causing a crash. The patch fixes this issue by replacing the error code returned by nilfs btree get block() on block address conversion failure from -ENOENT to -EINVAL, indicating corrupted b-tree metadata.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.