Bug 2363741 (CVE-2023-53144) - CVE-2023-53144 kernel: erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms
Summary: CVE-2023-53144 kernel: erofs: fix wrong kunmap when using LZMA on HIGHMEM pla...
Keywords:
Status: NEW
Alias: CVE-2023-53144
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-05-02 16:03 UTC by OSIDB Bzimport
Modified: 2025-05-05 06:02 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-05-02 16:03:55 UTC 
In the Linux kernel, the following vulnerability has been resolved:

erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms

As the call trace shown, the root cause is kunmap incorrect pages:

 BUG: kernel NULL pointer dereference, address: 00000000
 CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted 6.2.0-rc5 #4
 Workqueue: erofs_worker z_erofs_decompressqueue_work
 EIP: z_erofs_lzma_decompress+0x34b/0x8ac
  z_erofs_decompress+0x12/0x14
  z_erofs_decompress_queue+0x7e7/0xb1c
  z_erofs_decompressqueue_work+0x32/0x60
  process_one_work+0x24b/0x4d8
  ? process_one_work+0x1a4/0x4d8
  worker_thread+0x14c/0x3fc
  kthread+0xe6/0x10c
  ? rescuer_thread+0x358/0x358
  ? kthread_complete_and_exit+0x18/0x18
  ret_from_fork+0x1c/0x28
 ---[ end trace 0000000000000000 ]---

The bug is trivial and should be fixed now.  It has no impact on
!HIGHMEM platforms.
Comment 1 Avinash Hanwate 2025-05-05 05:51:32 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025050239-CVE-2023-53144-2ad8@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.