CVE-2023-52526

Source: https://nvd.nist.gov/vuln/detail/CVE-2023-52526
Import Source: https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52526.json
JSON Data: https://api.osv.dev/v1/vulns/CVE-2023-52526
Published: 2024-03-02T21:52:32Z
Modified: 2025-10-21T14:03:57.853076Z
Summary
erofs: fix memory leak of LZMA global compressed deduplication
Details

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix memory leak of LZMA global compressed deduplication

When stressing microLZMA EROFS images with the new global compressed deduplication feature enabled (-Ededupe), I found some short-lived temporary pages weren't properly released, which could slowly cause unexpected OOMs hours later.

Let's fix it now (LZ4 and DEFLATE don't have this issue.)

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 5c2a64252c5dc4cfe78e5b2a531c118894e3d155
  Fixed: 6a5a8f0a9740f865693d5aa97a42cc4504538e18

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 5c2a64252c5dc4cfe78e5b2a531c118894e3d155
  Fixed: c955751cbf864cf2055117dd3fe7f780d2a57b56

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 5c2a64252c5dc4cfe78e5b2a531c118894e3d155
  Fixed: 75a5221630fe5aa3fedba7a06be618db0f79ba1e

Affected versions

v6.*

v6.0
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.5.1
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.5.6
v6.6-rc1

Database specific

vanir_signatures


Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events:
  Introduced: 6.1.0
  Fixed: 6.1.57

Type: ECOSYSTEM
Events:
  Introduced: 6.2.0
  Fixed: 6.5.7