CVE-2023-52436

Advisory lineage Upstream: 0 Downstream: 16

Downstream

DEBIAN-CVE-2023-52436 DLA-3840-1 DLA-3841-1 UBUNTU-CVE-2023-52436 USN-6688-1 USN-6724-1

Modified

Published: 20 Feb 2024, 18:34

Last modified:11 May 2026, 19:27

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (nvd)

EPSS Score

0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Feb 2024, 18:34

Published

Vulnerability first disclosed

11 May 2026, 19:27

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 2%

Affected Systems

linux•linux
≥ 98e4da8ca301e062d79ae168c67e56f3c3de3ce4, < 16ae3132ff7746894894927c1892493693b89135 | ≥ 98e4da8ca301e062d79ae168c67e56f3c3de3ce4, < 12cf91e23b126718a96b914f949f2cdfeadc7b2a | ≥ 98e4da8ca301e062d79ae168c67e56f3c3de3ce4, < 3e47740091b05ac8d7836a33afd8646b6863ca52 | ≥ 98e4da8ca301e062d79ae168c67e56f3c3de3ce4, < 32a6cfc67675ee96fe107aeed5af9776fec63f11 | ≥ 98e4da8ca301e062d79ae168c67e56f3c3de3ce4, < 5de9e9dd1828db9b8b962f7ca42548bd596deb8a | ≥ 98e4da8ca301e062d79ae168c67e56f3c3de3ce4, < 2525d1ba225b5c167162fa344013c408e8b4de36 | ≥ 98e4da8ca301e062d79ae168c67e56f3c3de3ce4, < f6c30bfe5a49bc38cae985083a11016800708fea | ≥ 98e4da8ca301e062d79ae168c67e56f3c3de3ce4, < e26b6d39270f5eab0087453d9b544189a38c8564 | 3.8
linux•linux_kernel
< 4.19.306 | ≥ 4.20.0, < 5.4.268 | ≥ 5.5.0, < 5.10.209 | ≥ 5.11.0, < 5.15.148 | ≥ 5.16.0, < 6.1.74 | ≥ 6.2.0, < 6.6.13 | ≥ 6.7.0, < 6.7.1