Bug 1220139 (CVE-2023-52436)

Summary: VUL-0: CVE-2023-52436: kernel: explicitly null-terminate the xattr list
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED UPSTREAM QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: ailiopoulos, gabriele.sonnu, meissner
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/394647/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 1 Anthony Iliopoulos 2024-02-21 09:47:46 UTC 
We don't support f2fs at all (we don't even compile it in any of our kernel branches).

We had briefly discussed this before in bsc#1211742.

My suggestion would still be to leverage our kernel-source blacklist.conf which is the authoritative source, and filter out what we don't support from the CVE reports.
Comment 2 Gabriele Sonnu 2024-02-21 10:04:59 UTC 
As Anthony said, we don't support f2fs. Closing.
Comment 3 Gabriele Sonnu 2024-02-22 09:01:57 UTC 
Closing now.