| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120905-CVE-2023-53861-22c6@gregkh> Date: Tue, 9 Dec 2025 10:31:45 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53861: ext4: correct grp validation in ext4_mb_good_group From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ext4: correct grp validation in ext4_mb_good_group Group corruption check will access memory of grp and will trigger kernel crash if grp is NULL. So do NULL check before corruption check. The Linux kernel CVE team has assigned CVE-2023-53861 to this issue. Affected and fixed versions =========================== Issue introduced in 5.10.181 with commit 100c0ad6c04597fefeaaba2bb1827cc015d95067 and fixed in 5.10.195 with commit 245759d987b617d183061db6ab8886ebb5cc78e9 Issue introduced in 5.15.113 with commit 620a3c28221bb219b81bc0bffd065cc187494302 and fixed in 5.15.132 with commit 3e24082f16825279054a2b8a5e668d65070bbf07 Issue introduced in 6.1.30 with commit b4319e457d6e3fb33e443efeaf4634fc36e8a9ed and fixed in 6.1.53 with commit 772ca4bc1d0d21320ef2ecc0f9e4f90ea85a035d Issue introduced in 6.4 with commit 5354b2af34064a4579be8bc0e2f15a7b70f14b5f and fixed in 6.4.16 with commit 83a9d5f5ec7e75640b1ba0bbd77a4888df798bb4 Issue introduced in 6.4 with commit 5354b2af34064a4579be8bc0e2f15a7b70f14b5f and fixed in 6.5.3 with commit e69d665987db0e37896adf78a7e718f9a0a75d3f Issue introduced in 6.4 with commit 5354b2af34064a4579be8bc0e2f15a7b70f14b5f and fixed in 6.6 with commit a9ce5993a0f5c0887c8a1b4ffa3b8046fbcfdc93 Issue introduced in 6.3.4 with commit 31668cebf45adfb6283e465e641c4f5a21b07afa Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53861 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/ext4/mballoc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/245759d987b617d183061db6ab8886ebb5cc78e9 https://git.kernel.org/stable/c/3e24082f16825279054a2b8a5e668d65070bbf07 https://git.kernel.org/stable/c/772ca4bc1d0d21320ef2ecc0f9e4f90ea85a035d https://git.kernel.org/stable/c/83a9d5f5ec7e75640b1ba0bbd77a4888df798bb4 https://git.kernel.org/stable/c/e69d665987db0e37896adf78a7e718f9a0a75d3f https://git.kernel.org/stable/c/a9ce5993a0f5c0887c8a1b4ffa3b8046fbcfdc93
Powered by blists - more mailing lists