cvelistv5 - cve-2023-52436

CVE-2023-52436 (GCVE-0-2023-52436)

Vulnerability from cvelistv5

Published

2024-02-20 18:34

Modified

2025-07-11 17:19

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.

References

►

URL

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea	Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Impacted products

Vendor

Product

Version

►

Linux

Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4
Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4
Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4
Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4
Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4
Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4
Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4
Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4

Linux

Version: 3.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52436",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-21T20:39:15.806517Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:23:01.871Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.676Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "16ae3132ff7746894894927c1892493693b89135",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "12cf91e23b126718a96b914f949f2cdfeadc7b2a",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "3e47740091b05ac8d7836a33afd8646b6863ca52",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "32a6cfc67675ee96fe107aeed5af9776fec63f11",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "5de9e9dd1828db9b8b962f7ca42548bd596deb8a",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "2525d1ba225b5c167162fa344013c408e8b4de36",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "f6c30bfe5a49bc38cae985083a11016800708fea",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "e26b6d39270f5eab0087453d9b544189a38c8564",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.306",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.268",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.209",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.74",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.306",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.268",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.209",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.148",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.74",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.13",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.1",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: explicitly null-terminate the xattr list\n\nWhen setting an xattr, explicitly null-terminate the xattr list.  This\neliminates the fragile assumption that the unused xattr space is always\nzeroed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:19:28.135Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135"
        },
        {
          "url": "https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52"
        },
        {
          "url": "https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11"
        },
        {
          "url": "https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a"
        },
        {
          "url": "https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea"
        },
        {
          "url": "https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564"
        }
      ],
      "title": "f2fs: explicitly null-terminate the xattr list",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52436",
    "datePublished": "2024-02-20T18:34:47.387Z",
    "dateReserved": "2024-02-20T12:30:33.290Z",
    "dateUpdated": "2025-07-11T17:19:28.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52436\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-20T21:15:08.060\",\"lastModified\":\"2024-11-21T08:39:45.483\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nf2fs: explicitly null-terminate the xattr list\\n\\nWhen setting an xattr, explicitly null-terminate the xattr list.  This\\neliminates the fragile assumption that the unused xattr space is always\\nzeroed.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: termina expl\u00edcitamente en nulo la lista xattr Al configurar un xattr, termina expl\u00edcitamente en nulo la lista xattr. Esto elimina la fr\u00e1gil suposici\u00f3n de que el espacio xattr no utilizado siempre se pone a cero.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.19.306\",\"matchCriteriaId\":\"0A7AEFD0-0681-4E8D-9074-27416D3EE94C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20.0\",\"versionEndExcluding\":\"5.4.268\",\"matchCriteriaId\":\"35ADF607-EDCA-45AB-8FB6-9F2D40D47C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5.0\",\"versionEndExcluding\":\"5.10.209\",\"matchCriteriaId\":\"5D2E4F24-2FBB-4434-8598-2B1499E566B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11.0\",\"versionEndExcluding\":\"5.15.148\",\"matchCriteriaId\":\"E25E1389-4B0F-407A-9C94-5908FF3EE88B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16.0\",\"versionEndExcluding\":\"6.1.74\",\"matchCriteriaId\":\"F7DD9841-CE11-470D-A285-A2E8E0F6640D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndExcluding\":\"6.6.13\",\"matchCriteriaId\":\"74A1FFC7-19FA-450E-BC2D-2BBD2EBF0A5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7.0\",\"versionEndExcluding\":\"6.7.1\",\"matchCriteriaId\":\"664EB721-F519-48BB-B1C8-897D5990CD78\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T22:55:41.676Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-52436\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-21T20:39:15.806517Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:12.599Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"f2fs: explicitly null-terminate the xattr list\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"98e4da8ca301e062d79ae168c67e56f3c3de3ce4\", \"lessThan\": \"16ae3132ff7746894894927c1892493693b89135\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"98e4da8ca301e062d79ae168c67e56f3c3de3ce4\", \"lessThan\": \"12cf91e23b126718a96b914f949f2cdfeadc7b2a\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"98e4da8ca301e062d79ae168c67e56f3c3de3ce4\", \"lessThan\": \"3e47740091b05ac8d7836a33afd8646b6863ca52\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"98e4da8ca301e062d79ae168c67e56f3c3de3ce4\", \"lessThan\": \"32a6cfc67675ee96fe107aeed5af9776fec63f11\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"98e4da8ca301e062d79ae168c67e56f3c3de3ce4\", \"lessThan\": \"5de9e9dd1828db9b8b962f7ca42548bd596deb8a\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"98e4da8ca301e062d79ae168c67e56f3c3de3ce4\", \"lessThan\": \"2525d1ba225b5c167162fa344013c408e8b4de36\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"98e4da8ca301e062d79ae168c67e56f3c3de3ce4\", \"lessThan\": \"f6c30bfe5a49bc38cae985083a11016800708fea\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"98e4da8ca301e062d79ae168c67e56f3c3de3ce4\", \"lessThan\": \"e26b6d39270f5eab0087453d9b544189a38c8564\", \"versionType\": \"git\"}], \"programFiles\": [\"fs/f2fs/xattr.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.8\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"3.8\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.306\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.268\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.209\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.148\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.74\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.13\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.7.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.7.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/f2fs/xattr.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135\"}, {\"url\": \"https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a\"}, {\"url\": \"https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52\"}, {\"url\": \"https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11\"}, {\"url\": \"https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a\"}, {\"url\": \"https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36\"}, {\"url\": \"https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea\"}, {\"url\": \"https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nf2fs: explicitly null-terminate the xattr list\\n\\nWhen setting an xattr, explicitly null-terminate the xattr list.  This\\neliminates the fragile assumption that the unused xattr space is always\\nzeroed.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.306\", \"versionStartIncluding\": \"3.8\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.268\", \"versionStartIncluding\": \"3.8\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.209\", \"versionStartIncluding\": \"3.8\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.148\", \"versionStartIncluding\": \"3.8\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.74\", \"versionStartIncluding\": \"3.8\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.13\", \"versionStartIncluding\": \"3.8\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.7.1\", \"versionStartIncluding\": \"3.8\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.8\", \"versionStartIncluding\": \"3.8\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-07-11T17:19:28.135Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-52436\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-11T17:19:28.135Z\", \"dateReserved\": \"2024-02-20T12:30:33.290Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-02-20T18:34:47.387Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

wid-sec-w-2024-0444

Vulnerability from csaf_certbund

Published

2024-02-20 23:00

Modified

2025-06-04 22:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0444 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0444.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0444 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0444"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-20",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022009-subsoil-halt-4b28@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-20",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022017-slit-wish-e5d7@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-20",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022024-uniquely-recluse-d893@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-20",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022026-wobbling-jumbo-748e@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-20",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022033-makeshift-flammable-cb72@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-20",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022048-rind-huff-b1a2@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-20",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022056-operative-cork-082c@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-20",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022058-outsell-equator-e1c5@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-20",
        "url": "https://github.com/advisories/GHSA-42p9-m692-hxrc"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-20",
        "url": "https://github.com/advisories/GHSA-25g3-q597-79m8"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-20",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265185"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-20",
        "url": "https://github.com/advisories/GHSA-7gq6-cq6r-rrpx"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-20",
        "url": "https://github.com/advisories/GHSA-23gm-fr88-2r8c"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-20",
        "url": "https://github.com/advisories/GHSA-6vr7-3j3q-8546"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-20",
        "url": "https://github.com/advisories/GHSA-74mg-f7w3-pcrr"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-20",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265184"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-D16D94B00D vom 2024-02-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-d16d94b00d"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-71F0F16533 vom 2024-02-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-71f0f16533"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2024-061 vom 2024-03-06",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2024-061.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2024-051 vom 2024-03-06",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-051.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6688-1 vom 2024-03-11",
        "url": "https://ubuntu.com/security/notices/USN-6688-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0855-1 vom 2024-03-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018151.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0858-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018153.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0857-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018154.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0856-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018155.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0900-1 vom 2024-03-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018167.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0910-1 vom 2024-03-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018181.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0900-2 vom 2024-03-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018182.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0926-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018204.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0977-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018210.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2024-062 vom 2024-04-01",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2024-062.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2024-040 vom 2024-04-01",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2024-040.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2024-053 vom 2024-04-01",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-053.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2024-052 vom 2024-04-01",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-052.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6724-1 vom 2024-04-09",
        "url": "https://ubuntu.com/security/notices/USN-6724-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6726-1 vom 2024-04-09",
        "url": "https://ubuntu.com/security/notices/USN-6726-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6725-1 vom 2024-04-09",
        "url": "https://ubuntu.com/security/notices/USN-6725-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6725-2 vom 2024-04-16",
        "url": "https://ubuntu.com/security/notices/USN-6725-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6726-2 vom 2024-04-16",
        "url": "https://ubuntu.com/security/notices/USN-6726-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6724-2 vom 2024-04-16",
        "url": "https://ubuntu.com/security/notices/USN-6724-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6726-3 vom 2024-04-17",
        "url": "https://ubuntu.com/security/notices/USN-6726-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6741-1 vom 2024-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6741-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6743-1 vom 2024-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6743-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6742-1 vom 2024-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6742-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6743-2 vom 2024-04-22",
        "url": "https://ubuntu.com/security/notices/USN-6743-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6742-2 vom 2024-04-23",
        "url": "https://ubuntu.com/security/notices/USN-6742-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6743-3 vom 2024-04-25",
        "url": "https://ubuntu.com/security/notices/USN-6743-3"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2394 vom 2024-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:2394"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5681 vom 2024-05-06",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00090.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6767-1 vom 2024-05-07",
        "url": "https://ubuntu.com/security/notices/USN-6767-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6766-1 vom 2024-05-07",
        "url": "https://ubuntu.com/security/notices/USN-6766-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6767-2 vom 2024-05-14",
        "url": "https://ubuntu.com/security/notices/USN-6767-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6766-2 vom 2024-05-15",
        "url": "https://ubuntu.com/security/notices/USN-6766-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6777-1 vom 2024-05-16",
        "url": "https://ubuntu.com/security/notices/USN-6777-1"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2024-065 vom 2024-05-20",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2024-065.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6766-3 vom 2024-05-20",
        "url": "https://ubuntu.com/security/notices/USN-6766-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6777-2 vom 2024-05-20",
        "url": "https://ubuntu.com/security/notices/USN-6777-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6777-3 vom 2024-05-22",
        "url": "https://ubuntu.com/security/notices/USN-6777-3"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2950 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2950"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3138 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:3138"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6777-4 vom 2024-05-23",
        "url": "https://ubuntu.com/security/notices/USN-6777-4"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6795-1 vom 2024-05-28",
        "url": "https://ubuntu.com/security/notices/USN-6795-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3618 vom 2024-06-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:3618"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3627 vom 2024-06-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:3627"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12385 vom 2024-06-05",
        "url": "https://oss.oracle.com/pipermail/el-errata/2024-June/015806.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12385 vom 2024-06-05",
        "url": "https://oss.oracle.com/pipermail/el-errata/2024-June/015807.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-3618 vom 2024-06-06",
        "url": "https://linux.oracle.com/errata/ELSA-2024-3618.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6821-1 vom 2024-06-08",
        "url": "https://ubuntu.com/security/notices/USN-6821-1"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156774 vom 2024-06-07",
        "url": "https://www.ibm.com/support/pages/node/7156774"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6820-1 vom 2024-06-08",
        "url": "https://ubuntu.com/security/notices/USN-6820-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6821-2 vom 2024-06-10",
        "url": "https://ubuntu.com/security/notices/USN-6821-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6828-1 vom 2024-06-11",
        "url": "https://ubuntu.com/security/notices/USN-6828-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6820-2 vom 2024-06-11",
        "url": "https://ubuntu.com/security/notices/USN-6820-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6821-3 vom 2024-06-11",
        "url": "https://ubuntu.com/security/notices/USN-6821-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice LSN-0104-1 vom 2024-06-11",
        "url": "https://ubuntu.com/security/notices/LSN-0104-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2010-1 vom 2024-06-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018711.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6821-4 vom 2024-06-14",
        "url": "https://ubuntu.com/security/notices/USN-6821-4"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2185-1 vom 2024-06-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018809.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2183-1 vom 2024-06-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018808.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3842 vom 2024-06-25",
        "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3841 vom 2024-06-25",
        "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3840 vom 2024-06-27",
        "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6871-1 vom 2024-07-04",
        "url": "https://ubuntu.com/security/notices/USN-6871-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4415 vom 2024-07-09",
        "url": "https://access.redhat.com/errata/RHSA-2024:4415"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4412 vom 2024-07-09",
        "url": "https://access.redhat.com/errata/RHSA-2024:4412"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6892-1 vom 2024-07-10",
        "url": "https://ubuntu.com/security/notices/USN-6892-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4831 vom 2024-07-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:4831"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4823 vom 2024-07-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:4823"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6919-1 vom 2024-07-26",
        "url": "https://ubuntu.com/security/notices/USN-6919-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6926-1 vom 2024-07-29",
        "url": "https://ubuntu.com/security/notices/USN-6926-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6938-1 vom 2024-07-31",
        "url": "https://ubuntu.com/security/notices/USN-6938-1"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7162077 vom 2024-07-31",
        "url": "https://www.ibm.com/support/pages/node/7162077"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6926-2 vom 2024-08-01",
        "url": "https://ubuntu.com/security/notices/USN-6926-2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2802-1 vom 2024-08-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019133.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6951-1 vom 2024-08-09",
        "url": "https://ubuntu.com/security/notices/USN-6951-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6953-1 vom 2024-08-09",
        "url": "https://ubuntu.com/security/notices/USN-6953-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6926-3 vom 2024-08-09",
        "url": "https://ubuntu.com/security/notices/USN-6926-3"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2896-1 vom 2024-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019185.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2894-1 vom 2024-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019182.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:5281 vom 2024-08-13",
        "url": "https://access.redhat.com/errata/RHSA-2024:5281"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2892-1 vom 2024-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019188.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6951-2 vom 2024-08-14",
        "url": "https://ubuntu.com/security/notices/USN-6951-2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2939-1 vom 2024-08-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019211.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2947-1 vom 2024-08-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019220.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2940-1 vom 2024-08-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019212.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2203-1 vom 2024-08-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019244.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6951-3 vom 2024-08-19",
        "url": "https://ubuntu.com/security/notices/USN-6951-3"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2973-1 vom 2024-08-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019280.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:5692 vom 2024-08-21",
        "url": "https://access.redhat.com/errata/RHSA-2024:5692"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6951-4 vom 2024-08-21",
        "url": "https://ubuntu.com/security/notices/USN-6951-4"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6979-1 vom 2024-08-22",
        "url": "https://ubuntu.com/security/notices/USN-6979-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:5928 vom 2024-08-28",
        "url": "https://access.redhat.com/errata/RHSA-2024:5928"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-5928 vom 2024-08-29",
        "url": "https://linux.oracle.com/errata/ELSA-2024-5928.html"
      },
      {
        "category": "external",
        "summary": "SecurityOnline.info vom 2024-09-05",
        "url": "https://securityonline.info/cve-2024-26581-poc-exploit-released-linux-systems-at-risk-of-root-compromise/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:6993 vom 2024-09-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:6993"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:6997 vom 2024-09-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:6997"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-6997 vom 2024-09-26",
        "url": "https://linux.oracle.com/errata/ELSA-2024-6997.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-422 vom 2024-10-10",
        "url": "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7173960 vom 2024-10-23",
        "url": "https://www.ibm.com/support/pages/node/7173960"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7123-1 vom 2024-11-20",
        "url": "https://ubuntu.com/security/notices/USN-7123-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7194-1 vom 2025-01-09",
        "url": "https://ubuntu.com/security/notices/USN-7194-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0236-1 vom 2025-01-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020196.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7230557 vom 2025-04-10",
        "url": "https://www.ibm.com/support/pages/node/7230557"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-213 vom 2025-05-30",
        "url": "https://www.dell.com/support/kbdoc/de-de/000326299/dsa-2025-213-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-multiple-third-party-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20028-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021386.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20008-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021403.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-04T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-05T06:06:58.189+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-0444",
      "initial_release_date": "2024-02-20T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-20T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-02-25T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-03-05T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-03-11T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-03-12T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-03-14T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-03-17T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-03-24T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-04-01T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-04-09T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-16T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-17T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-21T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-22T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-23T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-24T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-29T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-06T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-05-07T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-05-13T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-05-15T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-05-16T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-05-20T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Amazon und Ubuntu aufgenommen"
        },
        {
          "date": "2024-05-21T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-05-23T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-05-28T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-04T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-06-05T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-06-06T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-06-09T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Ubuntu und IBM aufgenommen"
        },
        {
          "date": "2024-06-10T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-11T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-12T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-16T22:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-24T22:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-25T22:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-06-27T22:00:00.000+00:00",
          "number": "37",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-07-03T22:00:00.000+00:00",
          "number": "38",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-07-09T22:00:00.000+00:00",
          "number": "39",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-10T22:00:00.000+00:00",
          "number": "40",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-07-24T22:00:00.000+00:00",
          "number": "41",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-28T22:00:00.000+00:00",
          "number": "42",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-07-29T22:00:00.000+00:00",
          "number": "43",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-07-31T22:00:00.000+00:00",
          "number": "44",
          "summary": "Neue Updates von Ubuntu und IBM aufgenommen"
        },
        {
          "date": "2024-08-01T22:00:00.000+00:00",
          "number": "45",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-06T22:00:00.000+00:00",
          "number": "46",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-08T22:00:00.000+00:00",
          "number": "47",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-11T22:00:00.000+00:00",
          "number": "48",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-13T22:00:00.000+00:00",
          "number": "49",
          "summary": "Neue Updates von SUSE und Red Hat aufgenommen"
        },
        {
          "date": "2024-08-14T22:00:00.000+00:00",
          "number": "50",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-15T22:00:00.000+00:00",
          "number": "51",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-18T22:00:00.000+00:00",
          "number": "52",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-19T22:00:00.000+00:00",
          "number": "53",
          "summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-21T22:00:00.000+00:00",
          "number": "54",
          "summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-22T22:00:00.000+00:00",
          "number": "55",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-28T22:00:00.000+00:00",
          "number": "56",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-08-29T22:00:00.000+00:00",
          "number": "57",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-09-05T22:00:00.000+00:00",
          "number": "58",
          "summary": "Meldung angepasst, Exploit aufgnommen"
        },
        {
          "date": "2024-09-23T22:00:00.000+00:00",
          "number": "59",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-09-25T22:00:00.000+00:00",
          "number": "60",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-10-09T22:00:00.000+00:00",
          "number": "61",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-10-23T22:00:00.000+00:00",
          "number": "62",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-11-20T23:00:00.000+00:00",
          "number": "63",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-01-09T23:00:00.000+00:00",
          "number": "64",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-01-26T23:00:00.000+00:00",
          "number": "65",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-04-09T22:00:00.000+00:00",
          "number": "66",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-05-29T22:00:00.000+00:00",
          "number": "67",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2025-06-04T22:00:00.000+00:00",
          "number": "68",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "68"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell Avamar",
            "product": {
              "name": "Dell Avamar",
              "product_id": "T039664",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:avamar:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell NetWorker",
            "product": {
              "name": "Dell NetWorker",
              "product_id": "T034583",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:networker:virtual"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM QRadar SIEM",
            "product": {
              "name": "IBM QRadar SIEM",
              "product_id": "T021415",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:qradar_siem:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12",
                "product": {
                  "name": "IBM Security Guardium 12.0",
                  "product_id": "T031092",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_guardium:12.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Guardium"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.1.17",
                "product": {
                  "name": "IBM Spectrum Protect Plus \u003c10.1.17",
                  "product_id": "T042730"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.17",
                "product": {
                  "name": "IBM Spectrum Protect Plus 10.1.17",
                  "product_id": "T042730-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.17"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Spectrum Protect Plus"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.8-rc1",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.8-rc1",
                  "product_id": "T032952"
                }
              },
              {
                "category": "product_version",
                "name": "6.8-rc1",
                "product": {
                  "name": "Open Source Linux Kernel 6.8-rc1",
                  "product_id": "T032952-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.8-rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.8-rc4",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.8-rc4",
                  "product_id": "T032953"
                }
              },
              {
                "category": "product_version",
                "name": "6.8-rc4",
                "product": {
                  "name": "Open Source Linux Kernel 6.8-rc4",
                  "product_id": "T032953-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.8-rc4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.7",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.7",
                  "product_id": "T032954"
                }
              },
              {
                "category": "product_version",
                "name": "6.7",
                "product": {
                  "name": "Open Source Linux Kernel 6.7",
                  "product_id": "T032954-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.6",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.6",
                  "product_id": "T032955"
                }
              },
              {
                "category": "product_version",
                "name": "6.6",
                "product": {
                  "name": "Open Source Linux Kernel 6.6",
                  "product_id": "T032955-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-52433",
      "product_status": {
        "known_affected": [
          "T032952",
          "T032955",
          "67646",
          "T032953",
          "T032954",
          "T034583",
          "T004914",
          "74185",
          "T039664",
          "T042730",
          "2951",
          "T002207",
          "T000126",
          "T021415",
          "T031092",
          "398363"
        ]
      },
      "release_date": "2024-02-20T23:00:00.000+00:00",
      "title": "CVE-2023-52433"
    },
    {
      "cve": "CVE-2023-52434",
      "product_status": {
        "known_affected": [
          "T032952",
          "T032955",
          "67646",
          "T032953",
          "T032954",
          "T034583",
          "T004914",
          "74185",
          "T039664",
          "T042730",
          "2951",
          "T002207",
          "T000126",
          "T021415",
          "T031092",
          "398363"
        ]
      },
      "release_date": "2024-02-20T23:00:00.000+00:00",
      "title": "CVE-2023-52434"
    },
    {
      "cve": "CVE-2023-52435",
      "product_status": {
        "known_affected": [
          "T032952",
          "T032955",
          "67646",
          "T032953",
          "T032954",
          "T034583",
          "T004914",
          "74185",
          "T039664",
          "T042730",
          "2951",
          "T002207",
          "T000126",
          "T021415",
          "T031092",
          "398363"
        ]
      },
      "release_date": "2024-02-20T23:00:00.000+00:00",
      "title": "CVE-2023-52435"
    },
    {
      "cve": "CVE-2023-52436",
      "product_status": {
        "known_affected": [
          "T032952",
          "T032955",
          "67646",
          "T032953",
          "T032954",
          "T034583",
          "T004914",
          "74185",
          "T039664",
          "T042730",
          "2951",
          "T002207",
          "T000126",
          "T021415",
          "T031092",
          "398363"
        ]
      },
      "release_date": "2024-02-20T23:00:00.000+00:00",
      "title": "CVE-2023-52436"
    },
    {
      "cve": "CVE-2023-52437",
      "product_status": {
        "known_affected": [
          "T032952",
          "T032955",
          "67646",
          "T032953",
          "T032954",
          "T034583",
          "T004914",
          "74185",
          "T039664",
          "T042730",
          "2951",
          "T002207",
          "T000126",
          "T021415",
          "T031092",
          "398363"
        ]
      },
      "release_date": "2024-02-20T23:00:00.000+00:00",
      "title": "CVE-2023-52437"
    },
    {
      "cve": "CVE-2023-52438",
      "product_status": {
        "known_affected": [
          "T032952",
          "T032955",
          "67646",
          "T032953",
          "T032954",
          "T034583",
          "T004914",
          "74185",
          "T039664",
          "T042730",
          "2951",
          "T002207",
          "T000126",
          "T021415",
          "T031092",
          "398363"
        ]
      },
      "release_date": "2024-02-20T23:00:00.000+00:00",
      "title": "CVE-2023-52438"
    },
    {
      "cve": "CVE-2023-52439",
      "product_status": {
        "known_affected": [
          "T032952",
          "T032955",
          "67646",
          "T032953",
          "T032954",
          "T034583",
          "T004914",
          "74185",
          "T039664",
          "T042730",
          "2951",
          "T002207",
          "T000126",
          "T021415",
          "T031092",
          "398363"
        ]
      },
      "release_date": "2024-02-20T23:00:00.000+00:00",
      "title": "CVE-2023-52439"
    },
    {
      "cve": "CVE-2024-26581",
      "product_status": {
        "known_affected": [
          "T032952",
          "T032955",
          "67646",
          "T032953",
          "T032954",
          "T034583",
          "T004914",
          "74185",
          "T039664",
          "T042730",
          "2951",
          "T002207",
          "T000126",
          "T021415",
          "T031092",
          "398363"
        ]
      },
      "release_date": "2024-02-20T23:00:00.000+00:00",
      "title": "CVE-2024-26581"
    }
  ]
}

fkie_cve-2023-52436

Vulnerability from fkie_nvd

Published

2024-02-20 21:15

Modified

2024-11-21 08:39

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea	Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A7AEFD0-0681-4E8D-9074-27416D3EE94C",
              "versionEndExcluding": "4.19.306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35ADF607-EDCA-45AB-8FB6-9F2D40D47C0C",
              "versionEndExcluding": "5.4.268",
              "versionStartIncluding": "4.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D2E4F24-2FBB-4434-8598-2B1499E566B5",
              "versionEndExcluding": "5.10.209",
              "versionStartIncluding": "5.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E25E1389-4B0F-407A-9C94-5908FF3EE88B",
              "versionEndExcluding": "5.15.148",
              "versionStartIncluding": "5.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7DD9841-CE11-470D-A285-A2E8E0F6640D",
              "versionEndExcluding": "6.1.74",
              "versionStartIncluding": "5.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74A1FFC7-19FA-450E-BC2D-2BBD2EBF0A5F",
              "versionEndExcluding": "6.6.13",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "664EB721-F519-48BB-B1C8-897D5990CD78",
              "versionEndExcluding": "6.7.1",
              "versionStartIncluding": "6.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: explicitly null-terminate the xattr list\n\nWhen setting an xattr, explicitly null-terminate the xattr list.  This\neliminates the fragile assumption that the unused xattr space is always\nzeroed."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: termina expl\u00edcitamente en nulo la lista xattr Al configurar un xattr, termina expl\u00edcitamente en nulo la lista xattr. Esto elimina la fr\u00e1gil suposici\u00f3n de que el espacio xattr no utilizado siempre se pone a cero."
    }
  ],
  "id": "CVE-2023-52436",
  "lastModified": "2024-11-21T08:39:45.483",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-20T21:15:08.060",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-74mg-f7w3-pcrr

Vulnerability from github

Published

2024-02-20 21:30

Modified

2024-06-27 12:30

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: explicitly null-terminate the xattr list

When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-52436"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-20T21:15:08Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: explicitly null-terminate the xattr list\n\nWhen setting an xattr, explicitly null-terminate the xattr list.  This\neliminates the fragile assumption that the unused xattr space is always\nzeroed.",
  "id": "GHSA-74mg-f7w3-pcrr",
  "modified": "2024-06-27T12:30:43Z",
  "published": "2024-02-20T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52436"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2023-52436

Vulnerability from gsd

Modified

2024-02-21 06:01

Details

Aliases

CVE-2023-52436

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-52436"
      ],
      "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: explicitly null-terminate the xattr list\n\nWhen setting an xattr, explicitly null-terminate the xattr list.  This\neliminates the fragile assumption that the unused xattr space is always\nzeroed.",
      "id": "GSD-2023-52436",
      "modified": "2024-02-21T06:01:53.226824Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@kernel.org",
        "ID": "CVE-2023-52436",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Linux",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "1da177e4c3f4",
                          "version_value": "16ae3132ff77"
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThanOrEqual": "4.19.*",
                                "status": "unaffected",
                                "version": "4.19.306",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.4.*",
                                "status": "unaffected",
                                "version": "5.4.268",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.10.*",
                                "status": "unaffected",
                                "version": "5.10.209",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.15.*",
                                "status": "unaffected",
                                "version": "5.15.148",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "6.1.*",
                                "status": "unaffected",
                                "version": "6.1.74",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "6.6.*",
                                "status": "unaffected",
                                "version": "6.6.13",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "6.7.*",
                                "status": "unaffected",
                                "version": "6.7.1",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "*",
                                "status": "unaffected",
                                "version": "6.8",
                                "versionType": "original_commit_for_fix"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Linux"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: explicitly null-terminate the xattr list\n\nWhen setting an xattr, explicitly null-terminate the xattr list.  This\neliminates the fragile assumption that the unused xattr space is always\nzeroed."
          }
        ]
      },
      "generator": {
        "engine": "bippy-8df59b4913de"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135"
          },
          {
            "name": "https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a"
          },
          {
            "name": "https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52"
          },
          {
            "name": "https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11"
          },
          {
            "name": "https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a"
          },
          {
            "name": "https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36"
          },
          {
            "name": "https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea"
          },
          {
            "name": "https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0A7AEFD0-0681-4E8D-9074-27416D3EE94C",
                    "versionEndExcluding": "4.19.306",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "35ADF607-EDCA-45AB-8FB6-9F2D40D47C0C",
                    "versionEndExcluding": "5.4.268",
                    "versionStartIncluding": "4.20.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5D2E4F24-2FBB-4434-8598-2B1499E566B5",
                    "versionEndExcluding": "5.10.209",
                    "versionStartIncluding": "5.5.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E25E1389-4B0F-407A-9C94-5908FF3EE88B",
                    "versionEndExcluding": "5.15.148",
                    "versionStartIncluding": "5.11.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F7DD9841-CE11-470D-A285-A2E8E0F6640D",
                    "versionEndExcluding": "6.1.74",
                    "versionStartIncluding": "5.16.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "74A1FFC7-19FA-450E-BC2D-2BBD2EBF0A5F",
                    "versionEndExcluding": "6.6.13",
                    "versionStartIncluding": "6.2.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "664EB721-F519-48BB-B1C8-897D5990CD78",
                    "versionEndExcluding": "6.7.1",
                    "versionStartIncluding": "6.7.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: explicitly null-terminate the xattr list\n\nWhen setting an xattr, explicitly null-terminate the xattr list.  This\neliminates the fragile assumption that the unused xattr space is always\nzeroed."
          },
          {
            "lang": "es",
            "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: termina expl\u00edcitamente en nulo la lista xattr Al configurar un xattr, termina expl\u00edcitamente en nulo la lista xattr. Esto elimina la fr\u00e1gil suposici\u00f3n de que el espacio xattr no utilizado siempre se pone a cero."
          }
        ],
        "id": "CVE-2023-52436",
        "lastModified": "2024-04-19T17:36:10.083",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2024-02-20T21:15:08.060",
        "references": [
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "tags": [
              "Patch"
            ],
            "url": "https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "tags": [
              "Patch"
            ],
            "url": "https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "tags": [
              "Patch"
            ],
            "url": "https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "tags": [
              "Patch"
            ],
            "url": "https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "tags": [
              "Patch"
            ],
            "url": "https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "tags": [
              "Patch"
            ],
            "url": "https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "tags": [
              "Patch"
            ],
            "url": "https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "tags": [
              "Patch"
            ],
            "url": "https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea"
          }
        ],
        "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-Other"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-52436 (GCVE-0-2023-52436)

Vulnerability from cvelistv5

wid-sec-w-2024-0444

Vulnerability from csaf_certbund

fkie_cve-2023-52436

Vulnerability from fkie_nvd

ghsa-74mg-f7w3-pcrr

Vulnerability from github

gsd-2023-52436

Vulnerability from gsd

Tags

Sightings

Nomenclature