CVE-2023-52582
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-52582
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52582.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-52582
- Downstream
- Related
- Published
- 2024-03-02T21:59:48Z
- Modified
- 2025-10-21T14:21:43.350373Z
- Summary
- netfs: Only call folio_start_fscache() one time for each folio
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netfs: Only call foliostartfscache() one time for each folio
If a network filesystem using netfs implements a clamp_length() function, it can set subrequest lengths smaller than a page size.
When we loop through the folios in netfsrrequnlockfolios() to set any folios to be written back, we need to make sure we only call foliostart_fscache() once for each folio.
Otherwise, this simple testcase:
mount -o fsc,rsize=1024,wsize=1024 127.0.0.1:/export /mnt/nfs dd if=/dev/zero of=/mnt/nfs/file.bin bs=4096 count=1 1+0 records in 1+0 records out 4096 bytes (4.1 kB, 4.0 KiB) copied, 0.0126359 s, 324 kB/s echo 3 > /proc/sys/vm/drop_caches cat /mnt/nfs/file.bin > /dev/null
will trigger an oops similar to the following:
page dumped because: VMBUGONFOLIO(foliotestprivate2(folio)) ------------[ cut here ]------------ kernel BUG at include/linux/netfs.h:44! ... CPU: 5 PID: 134 Comm: kworker/u16:5 Kdump: loaded Not tainted 6.4.0-rc5 ... RIP: 0010:netfsrrequnlockfolios+0x68e/0x730 [netfs] ... Call Trace: netfsrreqassess+0x497/0x660 [netfs] netfssubreqterminated+0x32b/0x610 [netfs] nfsnetfsreadcompletion+0x14e/0x1a0 [nfs] nfsreadcompletion+0x2f9/0x330 [nfs] rpcfreetask+0x72/0xa0 [sunrpc] rpcasyncrelease+0x46/0x70 [sunrpc] processonework+0x3bd/0x710 workerthread+0x89/0x610 kthread+0x181/0x1c0 retfrom_fork+0x29/0x50
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3d3c95046742e4eebaa4b891b0b01cbbed94ebbdFixeddf9950d37df113db59495fa09d060754366a2b7c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3d3c95046742e4eebaa4b891b0b01cbbed94ebbdFixedd9f5537479d4ec97ea92ff24e81a517d5772581a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3d3c95046742e4eebaa4b891b0b01cbbed94ebbdFixeddf1c357f25d808e30b216188330e708e09e1a412
Affected versions
v5.*
v5.12
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.5.1
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.6-rc1
v6.6-rc2
Database specific
vanir_signatures
[
{
"deprecated": false,
"id": "CVE-2023-52582-2b09257c",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@df1c357f25d808e30b216188330e708e09e1a412",
"signature_version": "v1",
"target": {
"file": "fs/netfs/buffered_read.c"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"1103911254290833107485493503553493103",
"220279823250454552759725616737849416570",
"29263528188832138081638647027631471330",
"276094685363576041724426195438185923337",
"139691597958359697387365071167653749355",
"327440271564108651529539870785488048564",
"180067503693606059736315308742873854318",
"65342870427259175432657653800494834570",
"291073844654843835699991009715338027043",
"71898752062988006171363805206668205281",
"227249727876901760495635537537004670635",
"320329284946074458925430106574233156523"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"id": "CVE-2023-52582-5b19817e",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@df9950d37df113db59495fa09d060754366a2b7c",
"signature_version": "v1",
"target": {
"file": "fs/netfs/buffered_read.c"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"1103911254290833107485493503553493103",
"220279823250454552759725616737849416570",
"29263528188832138081638647027631471330",
"276094685363576041724426195438185923337",
"139691597958359697387365071167653749355",
"327440271564108651529539870785488048564",
"180067503693606059736315308742873854318",
"65342870427259175432657653800494834570",
"291073844654843835699991009715338027043",
"71898752062988006171363805206668205281",
"227249727876901760495635537537004670635",
"320329284946074458925430106574233156523"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"id": "CVE-2023-52582-aa86b4db",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d9f5537479d4ec97ea92ff24e81a517d5772581a",
"signature_version": "v1",
"target": {
"function": "netfs_rreq_unlock_folios",
"file": "fs/netfs/buffered_read.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "327558613466364945104039218964388050390",
"length": 1688.0
}
},
{
"deprecated": false,
"id": "CVE-2023-52582-c95ff3f9",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d9f5537479d4ec97ea92ff24e81a517d5772581a",
"signature_version": "v1",
"target": {
"file": "fs/netfs/buffered_read.c"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"1103911254290833107485493503553493103",
"220279823250454552759725616737849416570",
"29263528188832138081638647027631471330",
"276094685363576041724426195438185923337",
"139691597958359697387365071167653749355",
"327440271564108651529539870785488048564",
"180067503693606059736315308742873854318",
"65342870427259175432657653800494834570",
"291073844654843835699991009715338027043",
"71898752062988006171363805206668205281",
"227249727876901760495635537537004670635",
"320329284946074458925430106574233156523"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"id": "CVE-2023-52582-cb504cbd",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@df9950d37df113db59495fa09d060754366a2b7c",
"signature_version": "v1",
"target": {
"function": "netfs_rreq_unlock_folios",
"file": "fs/netfs/buffered_read.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "327558613466364945104039218964388050390",
"length": 1688.0
}
},
{
"deprecated": false,
"id": "CVE-2023-52582-f8f6c748",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@df1c357f25d808e30b216188330e708e09e1a412",
"signature_version": "v1",
"target": {
"function": "netfs_rreq_unlock_folios",
"file": "fs/netfs/buffered_read.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "327558613466364945104039218964388050390",
"length": 1688.0
}
}
]