CVE-2023-54132 (GCVE-0-2023-54132)
Vulnerability from cvelistv5
Published
2025-12-24 13:06
Modified
2025-12-24 13:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
erofs: stop parsing non-compact HEAD index if clusterofs is invalid
Syzbot generated a crafted image [1] with a non-compact HEAD index of
clusterofs 33024 while valid numbers should be 0 ~ lclustersize-1,
which causes the following unexpected behavior as below:
BUG: unable to handle page fault for address: fffff52101a3fff9
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 23ffed067 P4D 23ffed067 PUD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 4398 Comm: kworker/u5:1 Not tainted 6.3.0-rc6-syzkaller-g09a9639e56c0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
Workqueue: erofs_worker z_erofs_decompressqueue_work
RIP: 0010:z_erofs_decompress_queue+0xb7e/0x2b40
...
Call Trace:
<TASK>
z_erofs_decompressqueue_work+0x99/0xe0
process_one_work+0x8f6/0x1170
worker_thread+0xa63/0x1210
kthread+0x270/0x300
ret_from_fork+0x1f/0x30
Note that normal images or images using compact indexes are not
impacted. Let's fix this now.
[1] https://lore.kernel.org/r/000000000000ec75b005ee97fbaa@google.com
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 02827e1796b33f1794966f5c3101f8da2dfa9c1d Version: 02827e1796b33f1794966f5c3101f8da2dfa9c1d Version: 02827e1796b33f1794966f5c3101f8da2dfa9c1d Version: 02827e1796b33f1794966f5c3101f8da2dfa9c1d Version: 02827e1796b33f1794966f5c3101f8da2dfa9c1d Version: 02827e1796b33f1794966f5c3101f8da2dfa9c1d Version: 02827e1796b33f1794966f5c3101f8da2dfa9c1d |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/erofs/zmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "880c79bdb002b9d5b6940e52c2ad3829c2178207",
"status": "affected",
"version": "02827e1796b33f1794966f5c3101f8da2dfa9c1d",
"versionType": "git"
},
{
"lessThan": "7a4579cd6e4936de107c82499c3c9ee11b63401e",
"status": "affected",
"version": "02827e1796b33f1794966f5c3101f8da2dfa9c1d",
"versionType": "git"
},
{
"lessThan": "060fecf1114ff9fcfe87953fe8c4fc5048777160",
"status": "affected",
"version": "02827e1796b33f1794966f5c3101f8da2dfa9c1d",
"versionType": "git"
},
{
"lessThan": "7ee7a86e28ce9ead7112286c388df8d254c373c6",
"status": "affected",
"version": "02827e1796b33f1794966f5c3101f8da2dfa9c1d",
"versionType": "git"
},
{
"lessThan": "f01b2894928affa3339d355608713cf3db8360b8",
"status": "affected",
"version": "02827e1796b33f1794966f5c3101f8da2dfa9c1d",
"versionType": "git"
},
{
"lessThan": "96a845419b3722869f09883319de4d55c44d9aef",
"status": "affected",
"version": "02827e1796b33f1794966f5c3101f8da2dfa9c1d",
"versionType": "git"
},
{
"lessThan": "cc4efd3dd2ac9f89143e5d881609747ecff04164",
"status": "affected",
"version": "02827e1796b33f1794966f5c3101f8da2dfa9c1d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/erofs/zmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.243",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.180",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.4",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.243",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.180",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.111",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.28",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.15",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: stop parsing non-compact HEAD index if clusterofs is invalid\n\nSyzbot generated a crafted image [1] with a non-compact HEAD index of\nclusterofs 33024 while valid numbers should be 0 ~ lclustersize-1,\nwhich causes the following unexpected behavior as below:\n\n BUG: unable to handle page fault for address: fffff52101a3fff9\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 23ffed067 P4D 23ffed067 PUD 0\n Oops: 0000 [#1] PREEMPT SMP KASAN\n CPU: 1 PID: 4398 Comm: kworker/u5:1 Not tainted 6.3.0-rc6-syzkaller-g09a9639e56c0 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023\n Workqueue: erofs_worker z_erofs_decompressqueue_work\n RIP: 0010:z_erofs_decompress_queue+0xb7e/0x2b40\n ...\n Call Trace:\n \u003cTASK\u003e\n z_erofs_decompressqueue_work+0x99/0xe0\n process_one_work+0x8f6/0x1170\n worker_thread+0xa63/0x1210\n kthread+0x270/0x300\n ret_from_fork+0x1f/0x30\n\nNote that normal images or images using compact indexes are not\nimpacted. Let\u0027s fix this now.\n\n[1] https://lore.kernel.org/r/000000000000ec75b005ee97fbaa@google.com"
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T13:06:49.030Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/880c79bdb002b9d5b6940e52c2ad3829c2178207"
},
{
"url": "https://git.kernel.org/stable/c/7a4579cd6e4936de107c82499c3c9ee11b63401e"
},
{
"url": "https://git.kernel.org/stable/c/060fecf1114ff9fcfe87953fe8c4fc5048777160"
},
{
"url": "https://git.kernel.org/stable/c/7ee7a86e28ce9ead7112286c388df8d254c373c6"
},
{
"url": "https://git.kernel.org/stable/c/f01b2894928affa3339d355608713cf3db8360b8"
},
{
"url": "https://git.kernel.org/stable/c/96a845419b3722869f09883319de4d55c44d9aef"
},
{
"url": "https://git.kernel.org/stable/c/cc4efd3dd2ac9f89143e5d881609747ecff04164"
}
],
"title": "erofs: stop parsing non-compact HEAD index if clusterofs is invalid",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-54132",
"datePublished": "2025-12-24T13:06:49.030Z",
"dateReserved": "2025-12-24T13:02:52.522Z",
"dateUpdated": "2025-12-24T13:06:49.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-54132\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T13:16:15.180\",\"lastModified\":\"2025-12-24T13:16:15.180\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nerofs: stop parsing non-compact HEAD index if clusterofs is invalid\\n\\nSyzbot generated a crafted image [1] with a non-compact HEAD index of\\nclusterofs 33024 while valid numbers should be 0 ~ lclustersize-1,\\nwhich causes the following unexpected behavior as below:\\n\\n BUG: unable to handle page fault for address: fffff52101a3fff9\\n #PF: supervisor read access in kernel mode\\n #PF: error_code(0x0000) - not-present page\\n PGD 23ffed067 P4D 23ffed067 PUD 0\\n Oops: 0000 [#1] PREEMPT SMP KASAN\\n CPU: 1 PID: 4398 Comm: kworker/u5:1 Not tainted 6.3.0-rc6-syzkaller-g09a9639e56c0 #0\\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023\\n Workqueue: erofs_worker z_erofs_decompressqueue_work\\n RIP: 0010:z_erofs_decompress_queue+0xb7e/0x2b40\\n ...\\n Call Trace:\\n \u003cTASK\u003e\\n z_erofs_decompressqueue_work+0x99/0xe0\\n process_one_work+0x8f6/0x1170\\n worker_thread+0xa63/0x1210\\n kthread+0x270/0x300\\n ret_from_fork+0x1f/0x30\\n\\nNote that normal images or images using compact indexes are not\\nimpacted. Let\u0027s fix this now.\\n\\n[1] https://lore.kernel.org/r/000000000000ec75b005ee97fbaa@google.com\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/060fecf1114ff9fcfe87953fe8c4fc5048777160\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7a4579cd6e4936de107c82499c3c9ee11b63401e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7ee7a86e28ce9ead7112286c388df8d254c373c6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/880c79bdb002b9d5b6940e52c2ad3829c2178207\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/96a845419b3722869f09883319de4d55c44d9aef\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cc4efd3dd2ac9f89143e5d881609747ecff04164\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f01b2894928affa3339d355608713cf3db8360b8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…