Vulnerabilities > CVE-2023-52979 - NULL Pointer Dereference vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table While mounting a corrupted filesystem, a signed integer '*xattr_ids' can become less than zero. This leads to the incorrect computation of 'len' and 'indexes' values which can cause null-ptr-deref in copy_bio_to_actor() or out-of-bounds accesses in the next sanity checks inside squashfs_read_xattr_id_table(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/29e774dcb27116c06b9c57b1f1f14a1623738989
- https://git.kernel.org/stable/c/72e544b1b28325fe78a4687b980871a7e4101f76
- https://git.kernel.org/stable/c/b30a74f83265c24d1d0842c6c3928cd2e775a3fb
- https://git.kernel.org/stable/c/b7398efe24a965cf3937b716c0b1011c201c5d6e
- https://git.kernel.org/stable/c/cf5d6612092408157db6bb500c70bf6d67c40fbc
- https://git.kernel.org/stable/c/db76fc535fbdfbf29fd0b93e49627537ad794c8c
- https://git.kernel.org/stable/c/de2785aa3448d1ee7be3ab47fd4a873025f1b3d7