CVE-2023-53144

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-53144

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53144.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-53144

Related

UBUNTU-CVE-2023-53144

Published

2025-05-02T16:15:33Z

Modified

2025-05-05T20:54:19Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms

As the call trace shown, the root cause is kunmap incorrect pages:

BUG: kernel NULL pointer dereference, address: 00000000 CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted 6.2.0-rc5 #4 Workqueue: erofsworker zerofsdecompressqueuework EIP: zerofslzmadecompress+0x34b/0x8ac zerofsdecompress+0x12/0x14 zerofsdecompressqueue+0x7e7/0xb1c zerofsdecompressqueuework+0x32/0x60 processonework+0x24b/0x4d8 ? processonework+0x1a4/0x4d8 workerthread+0x14c/0x3fc kthread+0xe6/0x10c ? rescuerthread+0x358/0x358 ? kthreadcompleteandexit+0x18/0x18 retfromfork+0x1c/0x28 ---[ end trace 0000000000000000 ]---

The bug is trivial and should be fixed now. It has no impact on !HIGHMEM platforms.

References

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}