CVE-2023-52436: f2fs: explicitly null-terminate the xattr list

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: explicitly null-terminate the xattr list

When setting an xattr, explicitly null-terminate the xattr list. This
eliminates the fragile assumption that the unused xattr space is always
zeroed.

Classification

CVE ID: CVE-2023-52436

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.08% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/16ae3132ff7746894894927c1892493693b89135
https://git.kernel.org/stable/c/12cf91e23b126718a96b914f949f2cdfeadc7b2a
https://git.kernel.org/stable/c/3e47740091b05ac8d7836a33afd8646b6863ca52
https://git.kernel.org/stable/c/32a6cfc67675ee96fe107aeed5af9776fec63f11
https://git.kernel.org/stable/c/5de9e9dd1828db9b8b962f7ca42548bd596deb8a
https://git.kernel.org/stable/c/2525d1ba225b5c167162fa344013c408e8b4de36
https://git.kernel.org/stable/c/f6c30bfe5a49bc38cae985083a11016800708fea
https://git.kernel.org/stable/c/e26b6d39270f5eab0087453d9b544189a38c8564

Timeline

2024-12-20 00:30:19 UTC
CVE

f2fs: explicitly null-terminate the xattr list