2265653 – (CVE-2023-52448) CVE-2023-52448 kernel: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

Bug 2265653 (CVE-2023-52448) - CVE-2023-52448 kernel: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

Summary: CVE-2023-52448 kernel: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp...

Keywords:
Status:	NEW
Alias:	CVE-2023-52448
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2265669
Blocks:	2265643
TreeView+	depends on / blocked

Reported:	2024-02-23 13:47 UTC by Patrick Del Bello
Modified:	2024-05-02 22:50 UTC (History)
CC List:	49 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2024:2634	None	None	None	2024-05-01 01:22:37 UTC
Red Hat Product Errata	RHBA-2024:2650	None	None	None	2024-05-02 00:15:25 UTC
Red Hat Product Errata	RHBA-2024:2686	None	None	None	2024-05-02 22:50:33 UTC
Red Hat Product Errata	RHSA-2024:2394	None	None	None	2024-04-30 10:16:20 UTC

Description Patrick Del Bello 2024-02-23 13:47:37 UTC

gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

Syzkaller has reported a NULL pointer dereference when accessing rgd->rd_rgl in gfs2_rgrp_dump().  This can happen when creatingrgd->rd_gl fails in read_rindex_entry().  Add a NULL pointer check in gfs2_rgrp_dump() to prevent that.

Comment 1 Patrick Del Bello 2024-02-23 14:54:17 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2265669]

Comment 3 Justin M. Forbes 2024-02-27 00:26:43 UTC

	Issue introduced in 4.20 with commit 72244b6bc752 and fixed in 5.4.268 with commit efc8ef87ab91
	Issue introduced in 4.20 with commit 72244b6bc752 and fixed in 5.10.209 with commit 5c28478af371
	Issue introduced in 4.20 with commit 72244b6bc752 and fixed in 5.15.148 with commit ee0586d73cba
	Issue introduced in 4.20 with commit 72244b6bc752 and fixed in 6.1.75 with commit d69d7804cf9e
	Issue introduced in 4.20 with commit 72244b6bc752 and fixed in 6.6.14 with commit 067a7c48c2c7
	Issue introduced in 4.20 with commit 72244b6bc752 and fixed in 6.7.2 with commit c323efd620c7
	Issue introduced in 4.20 with commit 72244b6bc752 and fixed in 6.8-rc1 with commit 8877243beafa

Comment 4 Justin M. Forbes 2024-02-27 00:27:22 UTC

This was fixed for Fedora with the 6.614 stable kernel updates.

Comment 7 errata-xmlrpc 2024-04-30 10:16:17 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394

Note You need to log in before you can comment on or make changes to this bug.

acaringi
allarkin
aquini
bhu
chwhite
cye
cyin
dbohanno
debarbos
dfreiber
drow
dvlasenk
esandeen
ezulian
hkrzesin
jarod
jburrell
jdenham
jfaracco
jforbes
jlelli
joe.lawrence
jshortt
jstancek
jwyatt
kcarcia
ldoskova
lgoncalv
lzampier
mleitner
mmilgram
mstowell
nmurray
ptalbert
rparrazo
rrobaina
rvrbovsk
rysulliv
scweaver
sukulkar
tglozar
tyberry
vkumar
wcosta
williams
wmealing
ycote
ykopkova
zhijwang