CVE-2023-34256

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:suse:linux_enterprise:12.0:sp5:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:15.0:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:15.0:sp5:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

15 Nov 2023, 02:51

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
First Time Debian
Debian debian Linux
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html - Mailing List, Third Party Advisory

07 Nov 2023, 04:15

Type Values Removed Values Added
Summary ** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access. An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.

20 Oct 2023, 00:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html -

27 Jul 2023, 21:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html -

07 Jun 2023, 16:11

Type Values Removed Values Added
CWE CWE-125
References (MISC) https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321 - (MISC) https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321 - Mailing List, Patch
References (MISC) https://bugzilla.suse.com/show_bug.cgi?id=1211895 - (MISC) https://bugzilla.suse.com/show_bug.cgi?id=1211895 - Issue Tracking, Patch, Third Party Advisory
References (MISC) https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3 - (MISC) https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3 - Mailing List, Patch
References (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31 - (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31 - Mailing List, Patch
First Time Suse linux Enterprise
Linux linux Kernel
Linux
Suse
CPE cpe:2.3:o:suse:linux_enterprise:12.0:sp5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:15.0:sp5:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:15.0:sp4:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5

05 Jun 2023, 14:15

Type Values Removed Values Added
References
  • (MISC) https://bugzilla.suse.com/show_bug.cgi?id=1211895 -
Summary An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. ** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.

31 May 2023, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-31 20:15

Updated : 2024-05-17 02:25


NVD link : CVE-2023-34256

Mitre link : CVE-2023-34256

CVE.ORG link : CVE-2023-34256


JSON object : View

Products Affected

suse

  • linux_enterprise

linux

  • linux_kernel

debian

  • debian_linux
CWE
CWE-125

Out-of-bounds Read