CVE-2023-53295

In the Linux kernel, the following vulnerability has been resolved:

udf: Do not update file length for failed writes to inline files

When write to inline file fails (or happens only partly), we still
updated length of inline data as if the whole write succeeded. Fix the
update of length of inline data to happen only if the write succeeds.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
linuxlinux_kernel
𝑥
< 4.14.308
linuxlinux_kernel
4.15 ≤
𝑥
< 4.19.276
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.235
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.173
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.99
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.16
linuxlinux_kernel
6.2 ≤
𝑥
< 6.2.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.237-1
fixed
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
forky
6.16.3-1
fixed
sid
6.16.7-1
fixed
References
https://git.kernel.org/stable/c/256fe4162f8b5a1625b8603ca5f7ff79725bfb47
https://git.kernel.org/stable/c/5621f7a8139053d0c3c47fb68ee9f602139eb40a
https://git.kernel.org/stable/c/5a6c373d761f55635e175fa2f407544bae8f583b
https://git.kernel.org/stable/c/6837910aeb2c9101fc036dcd1b1f32615c20ec1a
https://git.kernel.org/stable/c/6d18cedc1ef0caeb1567cab660079e48844ff6d6
https://git.kernel.org/stable/c/7bd8d9e1cf5607ee14407f4060b9a1dbb3c42802
https://git.kernel.org/stable/c/c5787d77a5c29fffd295d138bd118b334990a567
https://git.kernel.org/stable/c/eb2133900cac2d2f78befd6be41666cf1a2315d9