SB20240608104 - Out-of-bounds read in Linux kernel nilfs2
Published: June 8, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240608104
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2023-52705)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_load_super_block() function in fs/nilfs2/the_nilfs.c, within the nilfs_resize_fs() function in fs/nilfs2/super.c, within the nilfs_ioctl_set_alloc_range() function in fs/nilfs2/ioctl.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2f7a1135b202977b82457adde7db6c390056863b
- https://git.kernel.org/stable/c/b96591e2c35c8b47db0ec816b5fc6cb8868000ff
- https://git.kernel.org/stable/c/52844d8382cd9166d708032def8905ffc3ae550f
- https://git.kernel.org/stable/c/0ee5ed0126a2211f7174492da2ca2c29f43755c5
- https://git.kernel.org/stable/c/a158782b56b070485d54d25fc9aaf2c8f3752205
- https://git.kernel.org/stable/c/a8ef5109f93cea9933bbac0455d8c18757b3fcb4
- https://git.kernel.org/stable/c/99b9402a36f0799f25feee4465bfa4b8dfa74b4d
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.306
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.273
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.169
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.95
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.232
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2