CVE-2023-53796 in Kernel
요약 (영어)
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix information leak in f2fs_move_inline_dirents()
When converting an inline directory to a regular one, f2fs is leaking
uninitialized memory to disk because it doesn't initialize the entire
directory block. Fix this by zero-initializing the block.
This bug was introduced by commit 4ec17d688d74 ("f2fs: avoid unneeded
initializing when converting inline dentry"), which didn't consider the
security implications of leaking uninitialized memory to disk.
This was found by running xfstest generic/435 on a KMSAN-enabled kernel.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
책임이 있는
Linux
예약하다
2025. 12. 09.
공개
2025. 12. 09.
상태
확인됨
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 335008 | Linux Kernel f2fs f2fs_move_inline_dirents 정보 공개 | 200 | 정의되지 않음 | 공식 수정 | CVE-2023-53796 |