CVE-2023-52979

Опубликовано: 03 сент. 2025

Источник: msrc

CVSS3: 5.5

Описание

squashfs: harden sanity check in squashfs_read_xattr_id_table

FAQ

Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?

One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2023-52979

ubuntu

9 месяцев назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-52979

CVSS3: 5.5

redhat

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table While mounting a corrupted filesystem, a signed integer '*xattr_ids' can become less than zero. This leads to the incorrect computation of 'len' and 'indexes' values which can cause null-ptr-deref in copy_bio_to_actor() or out-of-bounds accesses in the next sanity checks inside squashfs_read_xattr_id_table(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

CVE-2023-52979

nvd

9 месяцев назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

GHSA-592q-r679-2jpc

CVSS3: 5.5

github

9 месяцев назад

BDU:2025-06267

CVSS3: 7.8

fstec

почти 3 года назад

Уязвимость функции squashfs_read_xattr_id_table() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

5.5 Medium

CVSS3