CVE-2023-53796 in Linux情報

要約

〜によって MITRE • 2025年12月09日

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix information leak in f2fs_move_inline_dirents()

When converting an inline directory to a regular one, f2fs is leaking uninitialized memory to disk because it doesn't initialize the entire directory block. Fix this by zero-initializing the block.

This bug was introduced by commit 4ec17d688d74 ("f2fs: avoid unneeded initializing when converting inline dentry"), which didn't consider the security implications of leaking uninitialized memory to disk.

This was found by running xfstest generic/435 on a KMSAN-enabled kernel.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

責任者

Linux

予約する

2025年12月09日

モデレーション

承諾済み

エントリ

VDB-335008

EPSS

0.00184

アクティビティ

非常低い

セクター

Police, Pharma, ...

ソース

Do you know our Splunk app?

Download it now for free!