CVE-2023-52444

f2fs: fix to avoid dirent corruption

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid dirent corruption As Al reported in link[1]: f2fs_rename()
... if (old_dir != new_dir && !whiteout) f2fs_set_link(old_inode, old_dir_entry, old_dir_page, new_dir); else f2fs_put_page(old_dir_page, 0); You want correct inumber in the ".." link. And cross-directory
rename does move the source to new parent, even if you'd been asked
to leave a whiteout in the old place. [1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/ With below testcase, it may cause dirent corruption, due to it missed
to call f2fs_set_link() to update ".." link to new directory.
- mkdir -p dir/foo
- renameat2 -w dir/foo bar [ASSERT] (__chk_dots_dentries:1421) --> Bad inode number[0x4] for '..', parent parent ino is [0x3]
[FSCK] other corrupted bugs [Fail]

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: corrección para evitar corrupción directa Como informó Al en link[1]: f2fs_rename() ... if (old_dir != new_dir && !whiteout) f2fs_set_link(old_inode, old_dir_entry, old_dir_page, new_dir); demás f2fs_put_page(old_dir_page, 0); Quiere el número correcto en el enlace ".." Y el cambio de nombre entre directorios mueve la fuente al nuevo padre, incluso si le hubieran pedido que dejara un espacio en blanco en el lugar anterior. [1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/ Con el siguiente caso de prueba, puede causar corrupción directa, debido a que no llamó a f2fs_set_link() para actualizar el enlace ".." al nuevo directorio . - mkdir -p dir/foo - renameat2 -w dir/foo bar [ASSERT] (__chk_dots_dentries:1421) --> Número de inodo incorrecto [0x4] para '..', el ino padre padre es [0x3] [FSCK] otro corrupto errores [falla]

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid dirent corruption As Al reported in link[1]: f2fs_rename() ... if (old_dir != new_dir && !whiteout) f2fs_set_link(old_inode, old_dir_entry, old_dir_page, new_dir); else f2fs_put_page(old_dir_page, 0); You want correct inumber in the ".." link. And cross-directory rename does move the source to new parent, even if you'd been asked to leave a whiteout in the old place. [1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/ With below testcase, it may cause dirent corruption, due to it missed to call f2fs_set_link() to update ".." link to new directory. - mkdir -p dir/foo - renameat2 -w dir/foo bar [ASSERT] (__chk_dots_dentries:1421) --> Bad inode number[0x4] for '..', parent parent ino is [0x3] [FSCK] other corrupted bugs [Fail]

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-20 CVE Reserved
2024-02-22 CVE Published
2024-12-19 CVE Updated
2025-03-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/7e01e7ad746bc8198a8b46163ddc73a1c7d22339	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/02160112e6d45c2610b049df6eb693d7a2e57b46	2024-01-25
https://git.kernel.org/stable/c/5624a3c1b1ebc8991318e1cce2aa719542991024	2024-01-25
https://git.kernel.org/stable/c/6f866885e147d33efc497f1095f35b2ee5ec7310	2024-01-25
https://git.kernel.org/stable/c/f100ba617d8be6c98a68f3744ef7617082975b77	2024-01-25
https://git.kernel.org/stable/c/f0145860c20be6bae6785c7a2249577674702ac7	2024-01-25
https://git.kernel.org/stable/c/d3c0b49aaa12a61d560528f5d605029ab57f0728	2024-01-25
https://git.kernel.org/stable/c/2fb4867f4405aea8c0519d7d188207f232a57862	2024-01-25
https://git.kernel.org/stable/c/53edb549565f55ccd0bdf43be3d66ce4c2d48b28	2023-11-28

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 4.19.306 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.19.306"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 5.4.268 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 5.4.268"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 5.10.209 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 5.10.209"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 5.15.148 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 5.15.148"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 6.1.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 6.1.75"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 6.6.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 6.6.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 6.7.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 6.7.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 6.8"		en		Affected