CVE-2023-52526

When stressing microLZMA EROFS images with the new global compressed deduplication feature enabled (-Ededupe), I found some short-lived temporary pages weren't properly released, which could slowly cause unexpected OOMs hours later.

Let's fix it now (LZ4 and DEFLATE don't have this issue.)

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52526.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

5c2a64252c5dc4cfe78e5b2a531c118894e3d155

Fixed

6a5a8f0a9740f865693d5aa97a42cc4504538e18

Fixed

c955751cbf864cf2055117dd3fe7f780d2a57b56

Fixed

75a5221630fe5aa3fedba7a06be618db0f79ba1e

Affected versions

v6.*

v6.0

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

v6.1.10

v6.1.11

v6.1.12

v6.1.13

v6.1.14

v6.1.15

v6.1.16

v6.1.17

v6.1.18

v6.1.19

v6.1.2

v6.1.20

v6.1.21

v6.1.22

v6.1.23

v6.1.24

v6.1.25

v6.1.26

v6.1.27

v6.1.28

v6.1.29

v6.1.3

v6.1.30

v6.1.31

v6.1.32

v6.1.33

v6.1.34

v6.1.35

v6.1.36

v6.1.37

v6.1.38

v6.1.39

v6.1.4

v6.1.40

v6.1.41

v6.1.42

v6.1.43

v6.1.44

v6.1.45

v6.1.46

v6.1.47

v6.1.48

v6.1.49

v6.1.5

v6.1.50

v6.1.51

v6.1.52

v6.1.53

v6.1.54

v6.1.55

v6.1.56

v6.1.6

v6.1.7

v6.1.8

v6.1.9

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.5.1

v6.5.2

v6.5.3

v6.5.4

v6.5.5

v6.5.6

v6.6-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52526.json"

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "169895664256811205401906509950823509838",
            "length": 3607.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@75a5221630fe5aa3fedba7a06be618db0f79ba1e",
        "signature_type": "Function",
        "id": "CVE-2023-52526-202dfe2b",
        "target": {
            "file": "fs/erofs/decompressor_lzma.c",
            "function": "z_erofs_lzma_decompress"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "169895664256811205401906509950823509838",
            "length": 3607.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c955751cbf864cf2055117dd3fe7f780d2a57b56",
        "signature_type": "Function",
        "id": "CVE-2023-52526-49134c0f",
        "target": {
            "file": "fs/erofs/decompressor_lzma.c",
            "function": "z_erofs_lzma_decompress"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "327583402173281931575768622590796117383",
                "151663072219050062473924742281449779062",
                "167248904574940183867073630659011604017",
                "258039168661334996186613988946686094677",
                "89156024940452373405278774929687422158",
                "327277127831783704345750611973798510140"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@75a5221630fe5aa3fedba7a06be618db0f79ba1e",
        "signature_type": "Line",
        "id": "CVE-2023-52526-66fae746",
        "target": {
            "file": "fs/erofs/decompressor_lzma.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "327583402173281931575768622590796117383",
                "151663072219050062473924742281449779062",
                "167248904574940183867073630659011604017",
                "258039168661334996186613988946686094677",
                "89156024940452373405278774929687422158",
                "327277127831783704345750611973798510140"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6a5a8f0a9740f865693d5aa97a42cc4504538e18",
        "signature_type": "Line",
        "id": "CVE-2023-52526-916fb439",
        "target": {
            "file": "fs/erofs/decompressor_lzma.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "327583402173281931575768622590796117383",
                "151663072219050062473924742281449779062",
                "167248904574940183867073630659011604017",
                "258039168661334996186613988946686094677",
                "89156024940452373405278774929687422158",
                "327277127831783704345750611973798510140"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c955751cbf864cf2055117dd3fe7f780d2a57b56",
        "signature_type": "Line",
        "id": "CVE-2023-52526-b5d7ee98",
        "target": {
            "file": "fs/erofs/decompressor_lzma.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "319083924109871969397310921703403781355",
            "length": 3593.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6a5a8f0a9740f865693d5aa97a42cc4504538e18",
        "signature_type": "Function",
        "id": "CVE-2023-52526-edb44b90",
        "target": {
            "file": "fs/erofs/decompressor_lzma.c",
            "function": "z_erofs_lzma_decompress"
        }
    }
]

Git / github.com/gregkh/linux