CVE-2023-34256

CWE-125Out-of-bounds Read14 documents7 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 96.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux Linux KernelDebian Debian LinuxSuse Linux Enterprise
Timeline
PublishedMay 31
Latest updateApr 9

Description

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDlinux/linux_kernel< 6.3.3
Debianlinux< 5.10.191-1+3

Also affects: Debian Linux 10.0, Linux Enterprise 12.0, 15.0

Patches

Patch: bugzilla.suse.comPatch: cdn.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

5
OSV
linux-aws vulnerabilities2024-03-21
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2024-03-18
OSV
CVE-2023-34256: An issue was discovered in the Linux kernel before 62023-05-31
CVEList
CVE-2023-34256: An issue was discovered in the Linux kernel before 62023-05-31
GHSA
GHSA-rj85-7vr5-qv74: An issue was discovered in the Linux kernel before 62023-05-31

📋Vendor Advisories

8
Ubuntu
Linux kernel (Azure) vulnerabilities2024-04-09
Ubuntu
Linux kernel vulnerabilities2024-03-25
Ubuntu
Linux kernel (AWS) vulnerabilities2024-03-21
Ubuntu
Linux kernel (GCP) vulnerabilities2024-03-20
Ubuntu
Linux kernel vulnerabilities2024-03-18