CVE-2023-52497

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Mar 1, 2024

Updated: Jan 9, 2025

CWE ID 787

Summary

CVE-2023-52497 is a vulnerability in the Linux kernel's EROFS file system. It affects the lz4 inplace decompression process. EROFS can map another compressed buffer for inplace decompression, but the relative order of the decompressed and compressed buffers is uncertain. Previously, this issue went unnoticed due to the short length of overlapped literals and the implementation of memmove() in x86/arm64 processors. However, recent Intel x86 processors with the new FSRM feature expose this issue when using "rep movsb". As a temporary solution, the Linux kernel team recommends using the decompressed buffer exclusively for lz4 inplace decompression. A future improvement may involve tying up the two buffers in the correct order.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Know What Matters

For Customers

For Partners

CVE-2023-52497

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations