CVE-2023-54130 (GCVE-0-2023-54130)
Vulnerability from cvelistv5
Published
2025-12-24 13:06
Modified
2025-12-24 13:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanity check") fixed
a build warning by turning a comment into a WARN_ON(), but it turns out
that syzbot then complains because it can trigger said warning with a
corrupted hfs image.
The warning actually does warn about a bad situation, but we are much
better off just handling it as the error it is. So rather than warn
about us doing bad things, stop doing the bad things and return -EIO.
While at it, also fix a memory leak that was introduced by an earlier
fix for a similar syzbot warning situation, and add a check for one case
that historically wasn't handled at all (ie neither comment nor
subsequent WARN_ON).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c886c10a6eddb99923b315f42bf63f448883ef9a Version: 2344f17c0a89c181ab1a9fef57fd8c3bddfd6e30 Version: 90103ccb6e60aa4efe48993d23d6a528472f2233 Version: 4fd3a11804c8877ff11fec59c5c53f1635331e3e Version: 48d9e2e6de01ed35e965eb549758a837c07b601d Version: 55d1cbbbb29e6656c662ee8f73ba1fc4777532eb Version: 55d1cbbbb29e6656c662ee8f73ba1fc4777532eb Version: 55d1cbbbb29e6656c662ee8f73ba1fc4777532eb Version: 8c40f2dbae603ef0bd21e87c63f54ec59fd88256 Version: 367296925c7625c3969d2a78d7a3e1dee161beb5 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/hfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc2164ada548addfa8ee215196661c3afe0c5154",
"status": "affected",
"version": "c886c10a6eddb99923b315f42bf63f448883ef9a",
"versionType": "git"
},
{
"lessThan": "82725be426bce0a425cc5e26fbad61ffd29cff03",
"status": "affected",
"version": "2344f17c0a89c181ab1a9fef57fd8c3bddfd6e30",
"versionType": "git"
},
{
"lessThan": "da23752d9660ba7a8ca6c5768fd8776f67f59ee7",
"status": "affected",
"version": "90103ccb6e60aa4efe48993d23d6a528472f2233",
"versionType": "git"
},
{
"lessThan": "be01f35efa876eb81cebab2cb0add068b7280ef4",
"status": "affected",
"version": "4fd3a11804c8877ff11fec59c5c53f1635331e3e",
"versionType": "git"
},
{
"lessThan": "f10defb0be6ac42fb6a97b45920d32da6bd6fde8",
"status": "affected",
"version": "48d9e2e6de01ed35e965eb549758a837c07b601d",
"versionType": "git"
},
{
"lessThan": "90e019006644dad35862cb4aa270f561b0732066",
"status": "affected",
"version": "55d1cbbbb29e6656c662ee8f73ba1fc4777532eb",
"versionType": "git"
},
{
"lessThan": "45917be9f0af339a45b4619f31c902d37b8aed59",
"status": "affected",
"version": "55d1cbbbb29e6656c662ee8f73ba1fc4777532eb",
"versionType": "git"
},
{
"lessThan": "cb7a95af78d29442b8294683eca4897544b8ef46",
"status": "affected",
"version": "55d1cbbbb29e6656c662ee8f73ba1fc4777532eb",
"versionType": "git"
},
{
"status": "affected",
"version": "8c40f2dbae603ef0bd21e87c63f54ec59fd88256",
"versionType": "git"
},
{
"status": "affected",
"version": "367296925c7625c3969d2a78d7a3e1dee161beb5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/hfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.19",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.5",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling\n\nCommit 55d1cbbbb29e (\"hfs/hfsplus: use WARN_ON for sanity check\") fixed\na build warning by turning a comment into a WARN_ON(), but it turns out\nthat syzbot then complains because it can trigger said warning with a\ncorrupted hfs image.\n\nThe warning actually does warn about a bad situation, but we are much\nbetter off just handling it as the error it is. So rather than warn\nabout us doing bad things, stop doing the bad things and return -EIO.\n\nWhile at it, also fix a memory leak that was introduced by an earlier\nfix for a similar syzbot warning situation, and add a check for one case\nthat historically wasn\u0027t handled at all (ie neither comment nor\nsubsequent WARN_ON)."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T13:06:47.502Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc2164ada548addfa8ee215196661c3afe0c5154"
},
{
"url": "https://git.kernel.org/stable/c/82725be426bce0a425cc5e26fbad61ffd29cff03"
},
{
"url": "https://git.kernel.org/stable/c/da23752d9660ba7a8ca6c5768fd8776f67f59ee7"
},
{
"url": "https://git.kernel.org/stable/c/be01f35efa876eb81cebab2cb0add068b7280ef4"
},
{
"url": "https://git.kernel.org/stable/c/f10defb0be6ac42fb6a97b45920d32da6bd6fde8"
},
{
"url": "https://git.kernel.org/stable/c/90e019006644dad35862cb4aa270f561b0732066"
},
{
"url": "https://git.kernel.org/stable/c/45917be9f0af339a45b4619f31c902d37b8aed59"
},
{
"url": "https://git.kernel.org/stable/c/cb7a95af78d29442b8294683eca4897544b8ef46"
}
],
"title": "hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-54130",
"datePublished": "2025-12-24T13:06:47.502Z",
"dateReserved": "2025-12-24T13:02:52.521Z",
"dateUpdated": "2025-12-24T13:06:47.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-54130\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T13:16:14.987\",\"lastModified\":\"2025-12-24T13:16:14.987\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nhfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling\\n\\nCommit 55d1cbbbb29e (\\\"hfs/hfsplus: use WARN_ON for sanity check\\\") fixed\\na build warning by turning a comment into a WARN_ON(), but it turns out\\nthat syzbot then complains because it can trigger said warning with a\\ncorrupted hfs image.\\n\\nThe warning actually does warn about a bad situation, but we are much\\nbetter off just handling it as the error it is. So rather than warn\\nabout us doing bad things, stop doing the bad things and return -EIO.\\n\\nWhile at it, also fix a memory leak that was introduced by an earlier\\nfix for a similar syzbot warning situation, and add a check for one case\\nthat historically wasn\u0027t handled at all (ie neither comment nor\\nsubsequent WARN_ON).\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/45917be9f0af339a45b4619f31c902d37b8aed59\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/82725be426bce0a425cc5e26fbad61ffd29cff03\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/90e019006644dad35862cb4aa270f561b0732066\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/be01f35efa876eb81cebab2cb0add068b7280ef4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cb7a95af78d29442b8294683eca4897544b8ef46\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cc2164ada548addfa8ee215196661c3afe0c5154\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/da23752d9660ba7a8ca6c5768fd8776f67f59ee7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f10defb0be6ac42fb6a97b45920d32da6bd6fde8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…