目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2023-52933— Linux kernel 安全漏洞

AI 预测 5.5 利用难度: 中等 EPSS 0.25% · P16

可能的 ATT&CK 技术 1AI

T1564.004 · NTFS File Attributes

影响版本矩阵 24

厂商产品版本范围状态
LinuxLinuxff49cace7b8cf00d27665f7536a863d406963d06< 7fe583c9bec10cd4b76231c51b37f3e4ca646e01affected
a8717b34003f4f7353b23826617ad872f85d85d8< b38c3e9e0adc01956cc3e5a52e4d3f92f79d88e2affected
3654a0ed0bdc6d70502bfc7c9fec9f1e243dfcad< 1369322c1de52c7b9b988b95c9903110a4566778affected
bddcce15cd1fb9675ddd46a76d8fe2d0a571313b< 5c4d4a83bf1a862d80c1efff1c6e3ce33b501e2eaffected
506220d2ba21791314af569211ffd8870b8208fa< 997bed0f3cde78a3e639d624985bf4a95cf767e6affected
506220d2ba21791314af569211ffd8870b8208fa< a7da7d01ac5ce9b369a1ac70e1197999cc6c9686affected
506220d2ba21791314af569211ffd8870b8208fa< f65c4bbbd682b0877b669828b4e033b8d5d0a2dcaffected
91d4f4d0d7bcd6abd9f9288ff40f4edc716f3d4baffected
… +16 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2023-52933 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
Squashfs: fix handling and sanity checking of xattr_ids count
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix handling and sanity checking of xattr_ids count A Sysbot [1] corrupted filesystem exposes two flaws in the handling and sanity checking of the xattr_ids count in the filesystem. Both of these flaws cause computation overflow due to incorrect typing. In the corrupted filesystem the xattr_ids value is 4294967071, which stored in a signed variable becomes the negative number -225. Flaw 1 (64-bit systems only): The signed integer xattr_ids variable causes sign extension. This causes variable overflow in the SQUASHFS_XATTR_*(A) macros. The variable is first multiplied by sizeof(struct squashfs_xattr_id) where the type of the sizeof operator is "unsigned long". On a 64-bit system this is 64-bits in size, and causes the negative number to be sign extended and widened to 64-bits and then become unsigned. This produces the very large number 18446744073709548016 or 2^64 - 3600. This number when rounded up by SQUASHFS_METADATA_SIZE - 1 (8191 bytes) and divided by SQUASHFS_METADATA_SIZE overflows and produces a length of 0 (stored in len). Flaw 2 (32-bit systems only): On a 32-bit system the integer variable is not widened by the unsigned long type of the sizeof operator (32-bits), and the signedness of the variable has no effect due it always being treated as unsigned. The above corrupted xattr_ids value of 4294967071, when multiplied overflows and produces the number 4294963696 or 2^32 - 3400. This number when rounded up by SQUASHFS_METADATA_SIZE - 1 (8191 bytes) and divided by SQUASHFS_METADATA_SIZE overflows again and produces a length of 0. The effect of the 0 length computation: In conjunction with the corrupted xattr_ids field, the filesystem also has a corrupted xattr_table_start value, where it matches the end of filesystem value of 850. This causes the following sanity check code to fail because the incorrectly computed len of 0 matches the incorrect size of the table reported by the superblock (0 bytes). len = SQUASHFS_XATTR_BLOCK_BYTES(*xattr_ids); indexes = SQUASHFS_XATTR_BLOCKS(*xattr_ids); /* * The computed size of the index table (len bytes) should exactly * match the table start and end points */ start = table_start + sizeof(*id_table); end = msblk->bytes_used; if (len != (end - start)) return ERR_PTR(-EINVAL); Changing the xattr_ids variable to be "usigned int" fixes the flaw on a 64-bit system. This relies on the fact the computation is widened by the unsigned long type of the sizeof operator. Casting the variable to u64 in the above macro fixes this flaw on a 32-bit system. It also means 64-bit systems do not implicitly rely on the type of the sizeof operator to widen the computation. [1] https://lore.kernel.org/lkml/000000000000cd44f005f1a0f17f@google.com/
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于Squashfs组件对xattr_ids计数的处理不当,可能导致整数溢出。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux ff49cace7b8cf00d27665f7536a863d406963d06 ~ 7fe583c9bec10cd4b76231c51b37f3e4ca646e01 -
LinuxLinux 5.11 -

二、漏洞 CVE-2023-52933 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2023-52933 的情报信息

登录查看更多情报信息。

CVE-2023-52933 补丁与修复 (2)

同批安全公告 · Linux · 2025-03-27 · 共 124 条

CVE-2023-52982Linux kernel 安全漏洞
CVE-2023-52998Linux kernel 安全漏洞
CVE-2023-52999Linux kernel 安全漏洞
CVE-2023-52997Linux kernel 安全漏洞
CVE-2023-52996Linux kernel 安全漏洞
CVE-2023-52995Linux kernel 安全漏洞
CVE-2023-52994Linux kernel 安全漏洞
CVE-2023-52993Linux kernel 安全漏洞
CVE-2023-52992Linux kernel 安全漏洞
CVE-2023-52991Linux kernel 安全漏洞
CVE-2023-52989Linux kernel 安全漏洞
CVE-2023-52988Linux kernel 安全漏洞
CVE-2023-52987Linux kernel 安全漏洞
CVE-2023-52986Linux kernel 安全漏洞
CVE-2023-52985Linux kernel 安全漏洞
CVE-2023-52984Linux kernel 安全漏洞
CVE-2023-52973Linux kernel 安全漏洞
CVE-2022-49761Linux kernel 安全漏洞
CVE-2022-49760Linux kernel 安全漏洞
CVE-2023-52974Linux kernel 安全漏洞

显示前 20 条,共 124 条。 查看全部 &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2023-52933

暂无评论


发表评论