UBUNTU-CVE-2023-52436

Advisory lineage Upstream: 1 Downstream: 12
Upstream
CVE-2023-52436
Published: 20 Feb 2024, 21:15
Last modified:20 May 2026, 16:15

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.8 HIGH
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

20 Feb 2024, 21:15
Published
Vulnerability first disclosed
20 May 2026, 16:15
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.

CVSS Metrics

  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

  • ubuntulinux

    all | < 4.4.0-257.291 | < 4.15.0-227.239 | < 5.4.0-176.196 | < 5.15.0-102.112

  • ubuntulinux-allwinner-5.19

    all

  • ubuntulinux-aws

    < 4.4.0-1134.140 | < 4.4.0-1172.187 | < 4.15.0-1170.183 | < 5.4.0-1122.132 | < 5.15.0-1057.63

  • ubuntulinux-aws-5.0

    all

  • ubuntulinux-aws-5.11

    all

  • ubuntulinux-aws-5.13

    all

  • ubuntulinux-aws-5.15

    < 5.15.0-1057.63~20.04.1

  • ubuntulinux-aws-5.19

    all

  • ubuntulinux-aws-5.3

    all

  • ubuntulinux-aws-5.4

    < 5.4.0-1122.132~18.04.1

  • ubuntulinux-aws-5.8

    all

  • ubuntulinux-aws-6.2

    all

  • ubuntulinux-aws-6.5

    < 6.5.0-1017.17~22.04.2

  • ubuntulinux-aws-fips

    < 4.15.0-2109.115 | all | < 5.4.0-1122.132+fips1 | < 5.15.0-1057.63+fips1

  • ubuntulinux-aws-hwe

    < 4.15.0-1170.183~16.04.1

  • ubuntulinux-azure

    < 4.15.0-1179.194~14.04.1 | < 4.15.0-1179.194~16.04.1 | all | < 5.4.0-1127.134 | < 5.15.0-1060.69

  • ubuntulinux-azure-4.15

    < 4.15.0-1179.194

  • ubuntulinux-azure-5.11

    all

  • ubuntulinux-azure-5.13

    all

  • ubuntulinux-azure-5.15

    < 5.15.0-1060.69~20.04.1

  • ubuntulinux-azure-5.19

    all

  • ubuntulinux-azure-5.3

    all

  • ubuntulinux-azure-5.4

    < 5.4.0-1127.134~18.04.1

  • ubuntulinux-azure-5.8

    all

  • ubuntulinux-azure-6.2

    all

  • ubuntulinux-azure-6.5

    < 6.5.0-1018.19~22.04.2

  • ubuntulinux-azure-edge

    all

  • ubuntulinux-azure-fde

    all | < 5.15.0-1060.69.1 | all

  • ubuntulinux-azure-fde-5.19

    all

  • ubuntulinux-azure-fde-6.2

    all

  • ubuntulinux-azure-fde-6.8

    all

  • ubuntulinux-azure-fips

    < 4.15.0-2088.94 | all | < 5.4.0-1127.134+fips1 | < 5.15.0-1060.69+fips1

  • ubuntulinux-bluefield

    < 5.15.0-1040.42 | < 5.4.0-1082.89 | < 5.15.0-1040.42

  • ubuntulinux-fips

    < 4.4.0-1103.110 | all | < 4.15.0-1125.136 | < 5.4.0-1096.106 | < 5.15.0-102.112+fips1

  • ubuntulinux-gcp

    < 4.15.0-1164.181~16.04.1 | all | < 5.4.0-1126.135 | < 5.15.0-1055.63

  • ubuntulinux-gcp-4.15

    < 4.15.0-1164.181

  • ubuntulinux-gcp-5.11

    all

  • ubuntulinux-gcp-5.13

    all

  • ubuntulinux-gcp-5.15

    < 5.15.0-1055.63~20.04.1

  • ubuntulinux-gcp-5.19

    all

  • ubuntulinux-gcp-5.3

    all

  • ubuntulinux-gcp-5.4

    < 5.4.0-1126.135~18.04.1

  • ubuntulinux-gcp-5.8

    all

  • ubuntulinux-gcp-6.2

    all

  • ubuntulinux-gcp-6.5

    < 6.5.0-1017.17~22.04.1

  • ubuntulinux-gcp-fips

    < 4.15.0-2072.77 | all | < 5.4.0-1126.135+fips1 | < 5.15.0-1055.63+fips2

  • ubuntulinux-gke

    all | < 5.15.0-1054.59

  • ubuntulinux-gke-4.15

    all

  • ubuntulinux-gke-5.15

    all

  • ubuntulinux-gke-5.4

    all

Showing first 50 affected entries in server-rendered view.

References (23)