Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-52733

HIGH
Published 2024-05-21T15:22:58.605Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-52733. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
7.8
/10
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01
0.000
probability
of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25
Exploit Probability
Percentile: 0.178
Higher than 17.8% of all CVEs

Attack Vector Metrics

Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

In the Linux kernel, the following vulnerability has been resolved:

s390/decompressor: specify __decompress() buf len to avoid overflow

Historically calls to __decompress() didn't specify "out_len" parameter
on many architectures including s390, expecting that no writes beyond
uncompressed kernel image are performed. This has changed since commit
2aa14b1ab2c4 ("zstd: import usptream v1.5.2") which includes zstd library
commit 6a7ede3dfccb ("Reduce size of dctx by reutilizing dst buffer
(#2751)"). Now zstd decompression code might store literal buffer in
the unwritten portion of the destination buffer. Since "out_len" is
not set, it is considered to be unlimited and hence free to use for
optimization needs. On s390 this might corrupt initrd or ipl report
which are often placed right after the decompressor buffer. Luckily the
size of uncompressed kernel image is already known to the decompressor,
so to avoid the problem simply specify it in the "out_len" parameter.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Linux

Affected Versions:

2aa14b1ab2c41a4fe41efae80d58bb77da91f19f 2aa14b1ab2c41a4fe41efae80d58bb77da91f19f 2aa14b1ab2c41a4fe41efae80d58bb77da91f19f 2aa14b1ab2c41a4fe41efae80d58bb77da91f19f 2aa14b1ab2c41a4fe41efae80d58bb77da91f19f
Linux

Linux

Affected Versions:

6.2 0 5.4.232 5.10.169 5.15.95 6.1.13
linux

linux_kernel

Affected Versions:

1da177e4c3f4
linux

linux_kernel

Affected Versions:

5.4.232
linux

linux_kernel

Affected Versions:

5.10.169
linux

linux_kernel

Affected Versions:

5.15.95
linux

linux_kernel

Affected Versions:

6.1.13
linux

linux_kernel

Affected Versions:

6.2

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-7pr3-9p48-wx7x

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: s390/decompressor: specify __decompress() buf len to avoid overflow Historically calls to __decompress() didn't specify "out_len" parameter on many architectures including s390, expecting that no writes beyond uncompressed kernel image are performed. This has changed since commit 2aa14b1ab2c4 ("zstd: import usptream v1.5.2") which includes zstd library commit 6a7ede3dfccb ("Reduce size of dctx by reutilizing dst buffer (#2751)"). Now zstd decompression code might store literal buffer in the unwritten portion of the destination buffer. Since "out_len" is not set, it is considered to be unlimited and hence free to use for optimization needs. On s390 this might corrupt initrd or ipl report which are often placed right after the decompressor buffer. Luckily the size of uncompressed kernel image is already known to the decompressor, so to avoid the problem simply specify it in the "out_len" parameter.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-52733
WEB https://git.kernel.org/stable/c/16409f7d9ca5bb8220e1049ea9aae0d3c94d2dfb
WEB https://git.kernel.org/stable/c/55dbd6f4ea954751340f4f73d5dcd7c8f12208b2
WEB https://git.kernel.org/stable/c/7ab41c2c08a32132ba8c14624910e2fe8ce4ba4b
WEB https://git.kernel.org/stable/c/9ed522143f959630f8b7782ddc212900d8f609a9
WEB https://git.kernel.org/stable/c/f1eb22d0ff064ad458b3b1a1eaa84ac3996206c2

Advisory provided by GitHub Security Advisory Database. Published: May 21, 2024, Modified: July 3, 2024

References

https://git.kernel.org/stable/c/16409f7d9ca5bb8220e1049ea9aae0d3c94d2dfb
https://git.kernel.org/stable/c/55dbd6f4ea954751340f4f73d5dcd7c8f12208b2
https://git.kernel.org/stable/c/9ed522143f959630f8b7782ddc212900d8f609a9
https://git.kernel.org/stable/c/f1eb22d0ff064ad458b3b1a1eaa84ac3996206c2
https://git.kernel.org/stable/c/7ab41c2c08a32132ba8c14624910e2fe8ce4ba4b
Published: 2024-05-21T15:22:58.605Z
Last Modified: 2025-05-21T14:04:11.020Z
Copied to clipboard!