Bug 1211903 (CVE-2023-34255)

Summary: VUL-0: CVE-2023-34255: kernel: use-after-free in xfs_btree_lookup_get_block in fs/xfs/libxfs/xfs_btree.c
Product: [Novell Products] SUSE Security Incidents Reporter: Gabriele Sonnu <gabriele.sonnu>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: ailiopoulos, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/368047/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Gabriele Sonnu 2023-06-01 09:32:41 UTC 
CVE-2023-34255

An issue was discovered in the Linux kernel through 6.3.5. There is a
use-after-free in xfs_btree_lookup_get_block in fs/xfs/libxfs/xfs_btree.c
because fs/xfs/xfs_buf_item_recover.c does not perform buffer content
verification when log replay is skipped.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34255
https://www.cve.org/CVERecord?id=CVE-2023-34255
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22ed903eee23a5b174e240f1cdfa9acf393a5210
https://syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e
Comment 1 Gabriele Sonnu 2023-06-01 09:48:22 UTC 
This looks like a duplicate of bug 1210498

*** This bug has been marked as a duplicate of bug 1210498 ***
Comment 2 Anthony Iliopoulos 2023-06-01 10:01:09 UTC 
This has already been handled in the past via bsc#1210498, marked as CVE-2023-2124.

No idea why this has a new CVE number assigned to it now, the commit-id of the fix is identical, and it has already been backported to all our affected branches [1].
 
We are missing the fix for ALP-current though, since this was never submitted for stable inclusion.

[1] https://bugzilla.suse.com/show_bug.cgi?id=1210498#c7