CVE-2023-52779

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52779
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52779.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52779
Related
Published
2024-05-21T16:15:16Z
Modified
2024-09-18T03:24:38.132413Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

fs: Pass ATGETATTRNOSEC flag to getattr interface function

When vfsgetattrnosec() calls a filesystem's getattr interface function then the 'nosec' should propagate into this function so that vfsgetattrnosec() can again be called from the filesystem's gettattr rather than vfsgetattr(). The latter would add unnecessary security checks that the initial vfsgetattrnosec() call wanted to avoid. Therefore, introduce the getattr flag GETATTRNOSEC and allow to pass with the new getattr_flags parameter to the getattr interface function. In overlayfs and ecryptfs use this flag to determine which one of the two functions to call.

In a recent code change introduced to IMA vfsgetattrnosec() ended up calling vfsgetattr() in overlayfs, which in turn called securityinodegetattr() on an exiting process that did not have current->fs set anymore, which then caused a kernel NULL pointer dereference. With this change the call to securityinode_getattr() can be avoided, thus avoiding the NULL pointer dereference.

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6.8-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.3.1-1~exp1
6.3.2-1~exp1
6.3.4-1~exp1
6.3.5-1~exp1
6.3.7-1~bpo12+1
6.3.7-1
6.3.11-1
6.4~rc6-1~exp1
6.4~rc7-1~exp1
6.4.1-1~exp1
6.4.4-1~bpo12+1
6.4.4-1
6.4.4-2
6.4.4-3~bpo12+1
6.4.4-3
6.4.11-1
6.4.13-1
6.5~rc4-1~exp1
6.5~rc6-1~exp1
6.5~rc7-1~exp1
6.5.1-1~exp1
6.5.3-1~bpo12+1
6.5.3-1
6.5.6-1
6.5.8-1
6.5.10-1~bpo12+1
6.5.10-1
6.5.13-1
6.6.3-1~exp1
6.6.4-1~exp1
6.6.7-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}