| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123058-CVE-2023-54264-64bd@gregkh> Date: Tue, 30 Dec 2025 13:20:30 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54264: fs/sysv: Null check to prevent null-ptr-deref bug From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: fs/sysv: Null check to prevent null-ptr-deref bug sb_getblk(inode->i_sb, parent) return a null ptr and taking lock on that leads to the null-ptr-deref bug. The Linux kernel CVE team has assigned CVE-2023-54264 to this issue. Affected and fixed versions =========================== Fixed in 4.14.322 with commit e976988bc245ec3768cc0f76bed7d05488a7dd0f Fixed in 4.19.291 with commit baa60c66a310c50785289b0ede6fdce8ec3219c7 Fixed in 5.4.253 with commit 0a44ceba77c3267f8505dda102a59367dc24caee Fixed in 5.10.190 with commit 7f740bc696d4617f8ee44565e8ac0d36278a1e91 Fixed in 5.15.126 with commit afd9a31b5aa4b3747f382d44a7b03b7b5d0b7635 Fixed in 6.1.45 with commit 1416eebaad80bdc85ad9f97f27242011b031e2a9 Fixed in 6.4.10 with commit e28f376dd8dfcc4e880ac101184132bc08703f6e Fixed in 6.5 with commit ea2b62f305893992156a798f665847e0663c9f41 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54264 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/sysv/itree.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/e976988bc245ec3768cc0f76bed7d05488a7dd0f https://git.kernel.org/stable/c/baa60c66a310c50785289b0ede6fdce8ec3219c7 https://git.kernel.org/stable/c/0a44ceba77c3267f8505dda102a59367dc24caee https://git.kernel.org/stable/c/7f740bc696d4617f8ee44565e8ac0d36278a1e91 https://git.kernel.org/stable/c/afd9a31b5aa4b3747f382d44a7b03b7b5d0b7635 https://git.kernel.org/stable/c/1416eebaad80bdc85ad9f97f27242011b031e2a9 https://git.kernel.org/stable/c/e28f376dd8dfcc4e880ac101184132bc08703f6e https://git.kernel.org/stable/c/ea2b62f305893992156a798f665847e0663c9f41
Powered by blists - more mailing lists