CVE-2023-3212

Published: 6/23/2023 Last updated: 8/2/2024 Reserved: 6/12/2023

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (1)

Product	Vendor	Version
Linux kernel (gfs2 file system)	n/a	n/a

References (14)

https://security.netapp.com/advisory/ntap-20230929-0005/
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://bugzilla.redhat.com/show_bug.cgi?id=2214348
https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636
https://www.debian.org/security/2023/dsa-5448
https://www.debian.org/security/2023/dsa-5480
https://security.netapp.com/advisory/ntap-20230929-0005/
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://bugzilla.redhat.com/show_bug.cgi?id=2214348
https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636
https://www.debian.org/security/2023/dsa-5448
https://www.debian.org/security/2023/dsa-5480