Bugzilla – Bug 1211903
VUL-0: CVE-2023-34255: kernel: use-after-free in xfs_btree_lookup_get_block in fs/xfs/libxfs/xfs_btree.c
Last modified: 2023-06-01 10:01:09 UTC
CVE-2023-34255 An issue was discovered in the Linux kernel through 6.3.5. There is a use-after-free in xfs_btree_lookup_get_block in fs/xfs/libxfs/xfs_btree.c because fs/xfs/xfs_buf_item_recover.c does not perform buffer content verification when log replay is skipped. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34255 https://www.cve.org/CVERecord?id=CVE-2023-34255 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22ed903eee23a5b174e240f1cdfa9acf393a5210 https://syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e
This looks like a duplicate of bug 1210498 *** This bug has been marked as a duplicate of bug 1210498 ***
This has already been handled in the past via bsc#1210498, marked as CVE-2023-2124. No idea why this has a new CVE number assigned to it now, the commit-id of the fix is identical, and it has already been backported to all our affected branches [1]. We are missing the fix for ALP-current though, since this was never submitted for stable inclusion. [1] https://bugzilla.suse.com/show_bug.cgi?id=1210498#c7