admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-527xx/CVE-2023-52779.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

29 lines
3.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-52779",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T16:15:16.890",
"lastModified": "2024-05-21T16:53:56.550",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Pass AT_GETATTR_NOSEC flag to getattr interface function\n\nWhen vfs_getattr_nosec() calls a filesystem's getattr interface function\nthen the 'nosec' should propagate into this function so that\nvfs_getattr_nosec() can again be called from the filesystem's gettattr\nrather than vfs_getattr(). The latter would add unnecessary security\nchecks that the initial vfs_getattr_nosec() call wanted to avoid.\nTherefore, introduce the getattr flag GETATTR_NOSEC and allow to pass\nwith the new getattr_flags parameter to the getattr interface function.\nIn overlayfs and ecryptfs use this flag to determine which one of the\ntwo functions to call.\n\nIn a recent code change introduced to IMA vfs_getattr_nosec() ended up\ncalling vfs_getattr() in overlayfs, which in turn called\nsecurity_inode_getattr() on an exiting process that did not have\ncurrent->fs set anymore, which then caused a kernel NULL pointer\ndereference. With this change the call to security_inode_getattr() can\nbe avoided, thus avoiding the NULL pointer dereference."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs: pasar el indicador AT_GETATTR_NOSEC a la funci\u00f3n de interfaz getattr. Cuando vfs_getattr_nosec() llama a la funci\u00f3n de interfaz getattr de un sistema de archivos, entonces 'nosec' debe propagarse a esta funci\u00f3n para que se pueda volver a llamar a vfs_getattr_nosec() desde gettattr del sistema de archivos en lugar de vfs_getattr(). Esto \u00faltimo agregar\u00eda controles de seguridad innecesarios que la llamada inicial a vfs_getattr_nosec() quer\u00eda evitar. Por lo tanto, introduzca el indicador getattr GETATTR_NOSEC y permita pasar con el nuevo par\u00e1metro getattr_flags a la funci\u00f3n de interfaz getattr. En overlayfs y ecryptfs use este indicador para determinar cu\u00e1l de las dos funciones llamar. En un cambio de c\u00f3digo reciente introducido en IMA, vfs_getattr_nosec() termin\u00f3 llamando a vfs_getattr() en overlayfs, que a su vez llam\u00f3 a security_inode_getattr() en un proceso saliente que ya no ten\u00eda current->fs configurado, lo que luego provoc\u00f3 una desreferencia del puntero NULL del kernel . Con este cambio se puede evitar la llamada a security_inode_getattr(), evitando as\u00ed la desreferencia del puntero NULL."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3fb0fa08641903304b9d81d52a379ff031dc41d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8a924db2d7b5eb69ba08b1a0af46e9f1359a9bdf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink