Bugzilla – Bug 1211895
VUL-0: DISPUTED: CVE-2023-34256: kernel: potential slab-out-of-bounds in ext4_group_desc_csum
Last modified: 2024-05-14 10:51:41 UTC
CVE-2023-34256

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34256
https://www.cve.org/CVERecord?id=CVE-2023-34256
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31
https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321
Tracking as affected:
- SLE12-SP5
- SLE15-SP4
- SLE15-SP5
- SLE15-SP5-GA
- cve/linux-4.12
- cve/linux-4.4
- cve/linux-5.3

Fixing commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31
Gabriele, can you please dispute this CVE? Whoever filed it didn't think much about it... The changelog has in its first lines:

"When modifying the block device while it is mounted by the filesystem, syzbot reported the following:"

So yes, if you have write access to the buffer cache of a block device and can make the kernel mount such a device, you can crash the kernel. But this is not something the kernel ever tried to protect against because there is no practical protection - such access is pretty much equivalent to write access to any other kernel memory.

In this particular case we have accepted the fix to ext4:
a) because it was actually cleaning up the code
b) because it silenced some syzbot reports

but by no means is this relevant to security or even fixing any bug.
Thanks! So nothing to be done here, reassigning back to security team.
done, closing