CVE-2023-53301

EUVD-2023-59888
In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix kernel crash due to null io->bio

We should return when io->bio is null before doing anything. Otherwise, panic.

BUG: kernel NULL pointer dereference, address: 0000000000000010
RIP: 0010:__submit_merged_write_cond+0x164/0x240 [f2fs]
Call Trace:
 <TASK>
 f2fs_submit_merged_write+0x1d/0x30 [f2fs]
 commit_checkpoint+0x110/0x1e0 [f2fs]
 f2fs_write_checkpoint+0x9f7/0xf00 [f2fs]
 ? __pfx_issue_checkpoint_thread+0x10/0x10 [f2fs]
 __checkpoint_and_complete_reqs+0x84/0x190 [f2fs]
 ? preempt_count_add+0x82/0xc0
 ? __pfx_issue_checkpoint_thread+0x10/0x10 [f2fs]
 issue_checkpoint_thread+0x4c/0xf0 [f2fs]
 ? __pfx_autoremove_wake_function+0x10/0x10
 kthread+0xff/0x130
 ? __pfx_kthread+0x10/0x10
 ret_from_fork+0x2c/0x50
 </TASK>
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.18 ≤
𝑥
< 6.1.16
linuxlinux_kernel
6.2 ≤
𝑥
< 6.2.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.237-1
fixed
forky
6.16.3-1
fixed
sid
6.16.7-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
References
https://git.kernel.org/stable/c/267c159f9c7bcb7009dae16889b880c5ed8759a8
https://git.kernel.org/stable/c/83dbb9a1bd5ef2eea73275906fc50b2fdda39cd5
https://git.kernel.org/stable/c/eb52f13c6093ac761dbeaa459c810fc0253209fc