CVE-2023-53796

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s f2fs file system related to information disclosure. Specifically, when converting an inline directory to a regular directory, the f2fs move inline dirents() function leaks uninitialized memory to disk because the entire directory block is not initialized. This issue was introduced by a commit that did not account for the security implications of leaking uninitialized memory. The problem was identified through testing with xfstest generic/435 on a KMSAN-enabled kernel.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.