Bugzilla – Bug 1220139
VUL-0: CVE-2023-52436: kernel: explicitly null-terminate the xattr list
Last modified: 2024-02-22 09:01:57 UTC
In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52436 https://www.cve.org/CVERecord?id=CVE-2023-52436 https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135 https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36 https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11 https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52 https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564 https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea
We don't support f2fs at all (we don't even compile it in any of our kernel branches). We had briefly discussed this before in bsc#1211742. My suggestion would still be to leverage our kernel-source blacklist.conf which is the authoritative source, and filter out what we don't support from the CVE reports.
As Anthony said, we don't support f2fs. Closing.
Closing now.