CVE-2023-54132: Linux vulnerability

7 documents, 6 sources

Severity: N/A (no vector)
EPSS: 0.0% (top 87.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

erofs: stop parsing non-compact HEAD index if clusterofs is invalid

Syzbot generated a crafted image [1] with a non-compact HEAD index of clusterofs 33024 while valid numbers should be 0 ~ lclustersize-1, which causes the following unexpected behavior as below:

    BUG: unable to handle page fault for address: fffff52101a3fff9
    #PF: supervisor read access in kernel mode
    #PF: error_code(0x0000) - not-present page
    PGD 23ffed067 P4D

Affected Packages (4 packages)

Linux: linux/linux_kernel, 4.19.0, 5.4.243, +5
Debian: linux/linux_kernel, < 5.10.191-1, +3
CVEListV5: linux/linux, 02827e1796b33f1794966f5c3101f8da2dfa9c1d, 880c79bdb002b9d5b6940e52c2ad3829c2178207, +7
debian: debian/linux, < linux 6.1.37-1 (bookworm)

🔴 Vulnerability Details (3)

OSV (2025-12-24)
erofs: stop parsing non-compact HEAD index if clusterofs is invalid
GHSA (2025-12-24)
GHSA-6m52-8r59-r63x: In the Linux kernel, the following vulnerability has been resolved: erofs: stop parsing non-compact HEAD index if clusterofs is invalid Syzbot gener
OSV (2025-12-24)
CVE-2023-54132: In the Linux kernel, the following vulnerability has been resolved: erofs: stop parsing non-compact HEAD index if clusterofs is invalid Syzbot generat

📋 Vendor Advisories (2)

Red Hat (2025-12-24)
kernel: erofs: stop parsing non-compact HEAD index if clusterofs is invalid
Debian (2023)
CVE-2023-54132: linux - In the Linux kernel, the following vulnerability has been resolved: erofs: stop...

🕵️ Threat Intelligence (1)

Wiz
CVE-2023-54132 Impact, Exploitability, and Mitigation Steps | Wiz