CVE-2023-54192

EUVD-2023-60449
In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix null pointer panic in tracepoint in __replace_atomic_write_block

We got a kernel panic if old_addr is NULL.

https://bugzilla.kernel.org/show_bug.cgi?id=217266

BUG: kernel NULL pointer dereference, address: 0000000000000000
 Call Trace:
  <TASK>
  f2fs_commit_atomic_write+0x619/0x990 [f2fs a1b985b80f5babd6f3ea778384908880812bfa43]
  __f2fs_ioctl+0xd8e/0x4080 [f2fs a1b985b80f5babd6f3ea778384908880812bfa43]
  ? vfs_write+0x2ae/0x3f0
  ? vfs_write+0x2ae/0x3f0
  __x64_sys_ioctl+0x91/0xd0
  do_syscall_64+0x5c/0x90
  entry_SYSCALL_64_after_hwframe+0x72/0xdc
 RIP: 0033:0x7f69095fe53f
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.158-1
fixed
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.247-1
fixed
forky
6.17.13-1
fixed
sid
6.17.13-1
fixed
trixie
6.12.57-1
fixed
trixie (security)
6.12.48-1
fixed
References
https://git.kernel.org/stable/c/1424358cd66c49460493293497b54cb72e0213cc
https://git.kernel.org/stable/c/424f8cdc0ad29e4940be96dcc0b935ba497adeda
https://git.kernel.org/stable/c/da6ea0b050fa720302b56fbb59307e7c7531a342
https://git.kernel.org/stable/c/e2bbefc1741cb0732c13652be173da02f25611d1