{"uuid": "0652e25a-7775-4b1f-a1b3-d03f4cd8090f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52900", "type": "seen", "source": "https://t.me/cvedetector/3754", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-52900 - IBM Nilfs2 Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2023-52900 \nPublished : Aug. 21, 2024, 7:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnilfs2: fix general protection fault in nilfs_btree_insert()  \n  \nIf nilfs2 reads a corrupted disk image and tries to reads a b-tree node  \nblock by calling __nilfs_btree_get_block() against an invalid virtual  \nblock address, it returns -ENOENT because conversion of the virtual block  \naddress to a disk block address fails.  However, this return value is the  \nsame as the internal code that b-tree lookup routines return to indicate  \nthat the block being searched does not exist, so functions that operate on  \nthat b-tree may misbehave.  \n  \nWhen nilfs_btree_insert() receives this spurious 'not found' code from  \nnilfs_btree_do_lookup(), it misunderstands that the 'not found' check was  \nsuccessful and continues the insert operation using incomplete lookup path  \ndata, causing the following crash:  \n  \n general protection fault, probably for non-canonical address  \n 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN  \n KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]  \n ...  \n RIP: 0010:nilfs_btree_get_nonroot_node fs/nilfs2/btree.c:418 [inline]  \n RIP: 0010:nilfs_btree_prepare_insert fs/nilfs2/btree.c:1077 [inline]  \n RIP: 0010:nilfs_btree_insert+0x6d3/0x1c10 fs/nilfs2/btree.c:1238  \n Code: bc 24 80 00 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89  \n ff e8 4b 02 92 fe 4d 8b 3f 49 83 c7 28 4c 89 f8 48 c1 e8 03  80 3c  \n 28 00 74 08 4c 89 ff e8 2e 02 92 fe 4d 8b 3f 49 83 c7 02  \n ...  \n Call Trace:  \n   \n  nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline]  \n  nilfs_bmap_insert+0x20d/0x360 fs/nilfs2/bmap.c:147  \n  nilfs_get_block+0x414/0x8d0 fs/nilfs2/inode.c:101  \n  __block_write_begin_int+0x54c/0x1a80 fs/buffer.c:1991  \n  __block_write_begin fs/buffer.c:2041 [inline]  \n  block_write_begin+0x93/0x1e0 fs/buffer.c:2102  \n  nilfs_write_begin+0x9c/0x110 fs/nilfs2/inode.c:261  \n  generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772  \n  __generic_file_write_iter+0x176/0x400 mm/filemap.c:3900  \n  generic_file_write_iter+0xab/0x310 mm/filemap.c:3932  \n  call_write_iter include/linux/fs.h:2186 [inline]  \n  new_sync_write fs/read_write.c:491 [inline]  \n  vfs_write+0x7dc/0xc50 fs/read_write.c:584  \n  ksys_write+0x177/0x2a0 fs/read_write.c:637  \n  do_syscall_x64 arch/x86/entry/common.c:50 [inline]  \n  do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80  \n  entry_SYSCALL_64_after_hwframe+0x63/0xcd  \n ...  \n   \n  \nThis patch fixes the root cause of this problem by replacing the error  \ncode that __nilfs_btree_get_block() returns on block address conversion  \nfailure from -ENOENT to another internal code -EINVAL which means that the  \nb-tree metadata is corrupted.  \n  \nBy returning -EINVAL, it propagates without glitches, and for all relevant  \nb-tree operations, functions in the upper bmap layer output an error  \nmessage indicating corrupted b-tree metadata via  \nnilfs_bmap_convert_error(), and code -EIO will be eventually returned as  \nit should be. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T09:52:21.000000Z"}