| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100452-CVE-2023-53569-181e@gregkh> Date: Sat, 4 Oct 2025 17:17:23 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53569: ext2: Check block size validity during mount From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount Check that log of block size stored in the superblock has sensible value. Otherwise the shift computing the block size can overflow leading to undefined behavior. The Linux kernel CVE team has assigned CVE-2023-53569 to this issue. Affected and fixed versions =========================== Fixed in 4.14.316 with commit 0ebfaf14150f55550cffb1148ed3920143c7a69c Fixed in 4.19.284 with commit 451b98155be5dfee05bc6e7c8b30c0be4add3f71 Fixed in 5.4.244 with commit c4813f858e5c3e4c4659ce95385c1c400c593e1e Fixed in 5.10.181 with commit 22ab5fed07ad4b206ea910fd0132d1a0d4831584 Fixed in 5.15.113 with commit 99f8a15af6c9f0653193104a9e70891f950c6001 Fixed in 6.1.30 with commit e6f4fb28890c1361e0db9eb1adee3fc04e7fe7f5 Fixed in 6.3.4 with commit c2e7776843a953fd7e48895c3880c277f996193e Fixed in 6.4 with commit 62aeb94433fcec80241754b70d0d1836d5926b0a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53569 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/ext2/ext2.h fs/ext2/super.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/0ebfaf14150f55550cffb1148ed3920143c7a69c https://git.kernel.org/stable/c/451b98155be5dfee05bc6e7c8b30c0be4add3f71 https://git.kernel.org/stable/c/c4813f858e5c3e4c4659ce95385c1c400c593e1e https://git.kernel.org/stable/c/22ab5fed07ad4b206ea910fd0132d1a0d4831584 https://git.kernel.org/stable/c/99f8a15af6c9f0653193104a9e70891f950c6001 https://git.kernel.org/stable/c/e6f4fb28890c1361e0db9eb1adee3fc04e7fe7f5 https://git.kernel.org/stable/c/c2e7776843a953fd7e48895c3880c277f996193e https://git.kernel.org/stable/c/62aeb94433fcec80241754b70d0d1836d5926b0a
Powered by blists - more mailing lists