CVE-2023-52682 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for post_read case If inode is compressed, but not encrypted, it missed to call f2fs_wait_on_block_writeback() to wait for GCed page writeback in IPU write path. Thread A GC-Thread - f2fs_gc - do_garbage_collect - gc_data_segment - move_data_block - f2fs_submit_page_write migrate normal cluster's block via meta_inode's page cache - f2fs_write_single_data_page - f2fs_do_write_data_page - f2fs_inplace_write_data - f2fs_submit_page_bio IRQ - f2fs_read_end_io IRQ old data overrides new data due to out-of-order GC and common IO. - f2fs_read_end_io

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00021.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/4535be48780431753505e74e1b1ad4836a189bc2
https://git.kernel.org/stable/c/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00
https://git.kernel.org/stable/c/9bfd5ea71521d0e522ba581c6ccc5db93759c0c3
https://git.kernel.org/stable/c/f904c156d8011d8291ffd5b6b398f3747e294986
https://lore.kernel.org/linux-cve-announce/2024051751-CVE-2023-52682-fae2@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52682
https://www.cve.org/CVERecord?id=CVE-2023-52682

History

Mon, 04 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T14:24:45.345Z

Updated: 2025-05-04T07:41:27.856Z

Reserved: 2024-03-07T14:49:46.887Z

Link: CVE-2023-52682

Vulnrichment

Updated: 2024-08-02T23:11:34.506Z

NVD

Status : Awaiting Analysis

Published: 2024-05-17T15:15:19.427

Modified: 2024-11-21T08:40:21.140

Link: CVE-2023-52682

Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2023-52682 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52682", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-07T14:49:46.887Z", "datePublished": "2024-05-17T14:24:45.345Z", "dateUpdated": "2025-05-04T07:41:27.856Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:41:27.856Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to wait on block writeback for post_read case\n\nIf inode is compressed, but not encrypted, it missed to call\nf2fs_wait_on_block_writeback() to wait for GCed page writeback\nin IPU write path.\n\nThread A\t\t\t\tGC-Thread\n\t\t\t\t\t- f2fs_gc\n\t\t\t\t\t - do_garbage_collect\n\t\t\t\t\t - gc_data_segment\n\t\t\t\t\t - move_data_block\n\t\t\t\t\t - f2fs_submit_page_write\n\t\t\t\t\t migrate normal cluster's block via\n\t\t\t\t\t meta_inode's page cache\n- f2fs_write_single_data_page\n - f2fs_do_write_data_page\n - f2fs_inplace_write_data\n - f2fs_submit_page_bio\n\nIRQ\n- f2fs_read_end_io\n\t\t\t\t\tIRQ\n\t\t\t\t\told data overrides new data due to\n\t\t\t\t\tout-of-order GC and common IO.\n\t\t\t\t\t- f2fs_read_end_io"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/f2fs/data.c"], "versions": [{"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3", "lessThan": "9bfd5ea71521d0e522ba581c6ccc5db93759c0c3", "status": "affected", "versionType": "git"}, {"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3", "lessThan": "4535be48780431753505e74e1b1ad4836a189bc2", "status": "affected", "versionType": "git"}, {"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3", "lessThan": "f904c156d8011d8291ffd5b6b398f3747e294986", "status": "affected", "versionType": "git"}, {"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3", "lessThan": "55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/f2fs/data.c"], "versions": [{"version": "5.6", "status": "affected"}, {"version": "0", "lessThan": "5.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.75", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.14", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.2", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.1.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.6.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.7.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9bfd5ea71521d0e522ba581c6ccc5db93759c0c3"}, {"url": "https://git.kernel.org/stable/c/4535be48780431753505e74e1b1ad4836a189bc2"}, {"url": "https://git.kernel.org/stable/c/f904c156d8011d8291ffd5b6b398f3747e294986"}, {"url": "https://git.kernel.org/stable/c/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00"}], "title": "f2fs: fix to wait on block writeback for post_read case", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52682", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T19:39:15.342278Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:15.749Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:34.506Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9bfd5ea71521d0e522ba581c6ccc5db93759c0c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4535be48780431753505e74e1b1ad4836a189bc2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f904c156d8011d8291ffd5b6b398f3747e294986", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9bfd5ea71521d0e522ba581c6ccc5db93759c0c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4535be48780431753505e74e1b1ad4836a189bc2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f904c156d8011d8291ffd5b6b398f3747e294986", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:34.506Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52682", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T19:39:15.342278Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:39:20.454Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "f2fs: fix to wait on block writeback for post_read case", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3", "lessThan": "9bfd5ea71521d0e522ba581c6ccc5db93759c0c3", "versionType": "git"}, {"status": "affected", "version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3", "lessThan": "4535be48780431753505e74e1b1ad4836a189bc2", "versionType": "git"}, {"status": "affected", "version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3", "lessThan": "f904c156d8011d8291ffd5b6b398f3747e294986", "versionType": "git"}, {"status": "affected", "version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3", "lessThan": "55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00", "versionType": "git"}], "programFiles": ["fs/f2fs/data.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.6"}, {"status": "unaffected", "version": "0", "lessThan": "5.6", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.75", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.14", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.2", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/f2fs/data.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/9bfd5ea71521d0e522ba581c6ccc5db93759c0c3"}, {"url": "https://git.kernel.org/stable/c/4535be48780431753505e74e1b1ad4836a189bc2"}, {"url": "https://git.kernel.org/stable/c/f904c156d8011d8291ffd5b6b398f3747e294986"}, {"url": "https://git.kernel.org/stable/c/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to wait on block writeback for post_read case\n\nIf inode is compressed, but not encrypted, it missed to call\nf2fs_wait_on_block_writeback() to wait for GCed page writeback\nin IPU write path.\n\nThread A\t\t\t\tGC-Thread\n\t\t\t\t\t- f2fs_gc\n\t\t\t\t\t - do_garbage_collect\n\t\t\t\t\t - gc_data_segment\n\t\t\t\t\t - move_data_block\n\t\t\t\t\t - f2fs_submit_page_write\n\t\t\t\t\t migrate normal cluster's block via\n\t\t\t\t\t meta_inode's page cache\n- f2fs_write_single_data_page\n - f2fs_do_write_data_page\n - f2fs_inplace_write_data\n - f2fs_submit_page_bio\n\nIRQ\n- f2fs_read_end_io\n\t\t\t\t\tIRQ\n\t\t\t\t\told data overrides new data due to\n\t\t\t\t\tout-of-order GC and common IO.\n\t\t\t\t\t- f2fs_read_end_io"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.75", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.14", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.2", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8", "versionStartIncluding": "5.6"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:41:27.856Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52682", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:41:27.856Z", "dateReserved": "2024-03-07T14:49:46.887Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T14:24:45.345Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to wait on block writeback for post_read case\n\nIf inode is compressed, but not encrypted, it missed to call\nf2fs_wait_on_block_writeback() to wait for GCed page writeback\nin IPU write path.\n\nThread A\t\t\t\tGC-Thread\n\t\t\t\t\t- f2fs_gc\n\t\t\t\t\t - do_garbage_collect\n\t\t\t\t\t - gc_data_segment\n\t\t\t\t\t - move_data_block\n\t\t\t\t\t - f2fs_submit_page_write\n\t\t\t\t\t migrate normal cluster's block via\n\t\t\t\t\t meta_inode's page cache\n- f2fs_write_single_data_page\n - f2fs_do_write_data_page\n - f2fs_inplace_write_data\n - f2fs_submit_page_bio\n\nIRQ\n- f2fs_read_end_io\n\t\t\t\t\tIRQ\n\t\t\t\t\told data overrides new data due to\n\t\t\t\t\tout-of-order GC and common IO.\n\t\t\t\t\t- f2fs_read_end_io"}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: f2fs: correcci\u00f3n para esperar en la reescritura del bloque para el caso post_read. Si el inodo est\u00e1 comprimido, pero no encriptado, no llam\u00f3 a f2fs_wait_on_block_writeback() para esperar la reescritura de la p\u00e1gina GCed en la ruta de escritura de la IPU. Subproceso A GC-Thread - f2fs_gc - do_garbage_collect - gc_data_segment - move_data_block - f2fs_submit_page_write migra el bloque del cl\u00faster normal a trav\u00e9s del cach\u00e9 de p\u00e1gina de meta_inode - f2fs_write_single_data_page - f2fs_do_write_data_page - f2fs_inplace_write_data - f2fs_submit_page_bio IRQ - fs_read_end_io Los datos antiguos de IRQ anulan los datos nuevos debido a GC desordenado y com\u00fan O\u00cd. - f2fs_read_end_io"}], "id": "CVE-2023-52682", "lastModified": "2024-11-21T08:40:21.140", "metrics": {}, "published": "2024-05-17T15:15:19.427", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4535be48780431753505e74e1b1ad4836a189bc2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9bfd5ea71521d0e522ba581c6ccc5db93759c0c3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f904c156d8011d8291ffd5b6b398f3747e294986"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/4535be48780431753505e74e1b1ad4836a189bc2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/9bfd5ea71521d0e522ba581c6ccc5db93759c0c3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/f904c156d8011d8291ffd5b6b398f3747e294986"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: f2fs: fix to wait on block writeback for post_read case", "id": "2281319", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281319"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nf2fs: fix to wait on block writeback for post_read case\nIf inode is compressed, but not encrypted, it missed to call\nf2fs_wait_on_block_writeback() to wait for GCed page writeback\nin IPU write path.\nThread AGC-Thread\n- f2fs_gc\n- do_garbage_collect\n- gc_data_segment\n- move_data_block\n- f2fs_submit_page_write\nmigrate normal cluster's block via\nmeta_inode's page cache\n- f2fs_write_single_data_page\n- f2fs_do_write_data_page\n- f2fs_inplace_write_data\n- f2fs_submit_page_bio\nIRQ\n- f2fs_read_end_io\nIRQ\nold data overrides new data due to\nout-of-order GC and common IO.\n- f2fs_read_end_io", "A vulnerability was found in the Linux kernel's Flash-Friendly File System (F2FS) implementation. This issue arises from a failure to wait for block writeback in the post-read case, which could lead to data corruption or inconsistencies."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52682", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52682\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52682\nhttps://lore.kernel.org/linux-cve-announce/2024051751-CVE-2023-52682-fae2@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}