Security Advisories

CVE-2023-52979

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-52979

Severity

5.5

Medium

CVSS V3

Description

In the Linux kernel, the following vulnerability has been resolved:

squashfs: harden sanity check in squashfs_read_xattr_id_table

While mounting a corrupted filesystem, a signed integer '*xattr_ids' can become less than zero. This leads to the incorrect computation of 'len' and 'indexes' values which can cause null-ptr-deref in copy_bio_to_actor() or out-of-bounds accesses in the next sanity checks inside squashfs_read_xattr_id_table().

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
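The arithmetic behind the description, as an added user-space model (not the kernel source and not code from this advisory): it shows how a negative count slips past a check that only rejects zero, and what the size calculations then produce. The function names, the 16-byte entry size, the 8192-byte metadata block size and the sample values are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>

#define ENTRY_SIZE    16u   /* assumption: bytes per xattr id entry */
#define METADATA_SIZE 8192u /* assumption: metadata block size */

/* The on-disk count is 32 bits wide; held in a signed int, any value
 * with the top bit set reads back as negative. */
static int32_t ids_from_disk(uint32_t raw)
{
    return (int32_t)raw;
}

/* Index blocks needed for `ids` entries, in 64-bit unsigned arithmetic
 * (models size_t on a 64-bit build). A negative count converts to a
 * huge unsigned value, so the multiply and round-up wrap. */
static uint64_t index_blocks(int32_t ids)
{
    uint64_t bytes = (uint64_t)(int64_t)ids * ENTRY_SIZE;
    return (bytes + METADATA_SIZE - 1) / METADATA_SIZE;
}

/* Byte length of the index table: one 64-bit pointer per index block. */
static uint64_t index_table_len(int32_t ids)
{
    return index_blocks(ids) * sizeof(uint64_t);
}

/* Weak check: rejects only an empty table, so negatives pass. */
static int weak_check(int32_t ids) { return ids != 0; }

/* Hardened check: rejects zero and negative counts before any sizing. */
static int hardened_check(int32_t ids) { return ids > 0; }

int main(void)
{
    /* Constructed sample values for the on-disk count field. */
    const uint32_t samples[] = { 1u, 513u, 0xFFFFFFFFu, 0x80000000u };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t ids = ids_from_disk(samples[i]);
        printf("ids=%11d indexes=%20llu len=%20llu weak=%d hardened=%d\n",
               (int)ids, (unsigned long long)index_blocks(ids),
               (unsigned long long)index_table_len(ids),
               weak_check(ids), hardened_check(ids));
    }
    return 0;
}
```

In this model a count of -1 yields zero index blocks and a zero-length table, while the most negative count yields a block count far larger than any real image, so neither result describes the table that later code goes on to read.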

References

Affected packages


© 2025 Chainguard. All Rights Reserved.