CVE-2023-52436

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52436
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52436.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52436
Downstream
Published
2024-02-20T18:34:47.387Z
Modified
2025-11-28T02:35:25.263595Z
Summary
f2fs: explicitly null-terminate the xattr list
Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: explicitly null-terminate the xattr list

When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52436.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
98e4da8ca301e062d79ae168c67e56f3c3de3ce4
Fixed
16ae3132ff7746894894927c1892493693b89135
Fixed
12cf91e23b126718a96b914f949f2cdfeadc7b2a
Fixed
3e47740091b05ac8d7836a33afd8646b6863ca52
Fixed
32a6cfc67675ee96fe107aeed5af9776fec63f11
Fixed
5de9e9dd1828db9b8b962f7ca42548bd596deb8a
Fixed
2525d1ba225b5c167162fa344013c408e8b4de36
Fixed
f6c30bfe5a49bc38cae985083a11016800708fea
Fixed
e26b6d39270f5eab0087453d9b544189a38c8564

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.8.0
Fixed
4.19.306
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.268
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.209
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.148
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.74
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.13
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.1