CVE-2023-52526

Source
https://cve.org/CVERecord?id=CVE-2023-52526
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52526.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52526
Downstream
Published
2024-03-02T21:52:32.261Z
Modified
2026-07-08T06:54:21.502379216Z
Summary
erofs: fix memory leak of LZMA global compressed deduplication
Details

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix memory leak of LZMA global compressed deduplication

When stressing microLZMA EROFS images with the new global compressed deduplication feature enabled (-Ededupe), I found some short-lived temporary pages weren't properly released, which could slowly cause unexpected OOMs hours later.

Let's fix it now (LZ4 and DEFLATE don't have this issue.)

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52526.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5c2a64252c5dc4cfe78e5b2a531c118894e3d155
Fixed
6a5a8f0a9740f865693d5aa97a42cc4504538e18
Fixed
c955751cbf864cf2055117dd3fe7f780d2a57b56
Fixed
75a5221630fe5aa3fedba7a06be618db0f79ba1e

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52526.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.1.0
Fixed
6.1.57
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.5.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52526.json"