CVE-2023-3212: Null Pointer Dereference
First published: Mon Jun 12 2023(Updated: )
A flaw in the Linux Kernel found in the GFS2 file system. On corrupted gfs2 file systems the evict code can try to reference the journal descriptor structure, jdesc, after it has been freed and set to NULL. It can lead to null pointer dereference when gfs2_trans_begin being called and then fail ingfs2_evict_inode(). Reference: <a href="https://listman.redhat.com/archives/cluster-devel/2023-April/023914.html">https://listman.redhat.com/archives/cluster-devel/2023-April/023914.html</a>
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <6.4 | 6.4 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 | |
| Linux Linux kernel | <6.4 | |
| Linux Linux kernel | =6.4-rc1 | |
| Fedora | =38 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 | |
| Debian | =10.0 | |
| Debian | =11.0 | |
| Debian | =12.0 | |
| All of | ||
| netapp h300s firmware | ||
| netapp h300s | ||
| All of | ||
| netapp h500s firmware | ||
| netapp h500s | ||
| All of | ||
| netapp h700s firmware | ||
| netapp h700s | ||
| All of | ||
| netapp h410s firmware | ||
| netapp h410s | ||
| All of | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| IBM Security Verify Governance, Identity Manager software component | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager virtual appliance component | <=ISVG 10.0.2 | |
| Fedoraproject Fedora | =38 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Debian Debian Linux | =12.0 | |
| All of | ||
| netapp h410c firmware | ||
| netapp h410c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2214348
- https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636
- https://www.debian.org/security/2023/dsa-5448
- https://www.debian.org/security/2023/dsa-5480
- https://security.netapp.com/advisory/ntap-20230929-0005/
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
- https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
- https://launchpad.net/bugs/cve/CVE-2023-3212
- https://listman.redhat.com/archives/cluster-devel/2023-April/023914.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2214349
- https://access.redhat.com/errata/RHSA-2023:6583
- https://access.redhat.com/errata/RHSA-2023:6901
- https://access.redhat.com/errata/RHSA-2023:7077
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3212
- https://nvd.nist.gov/vuln/detail/CVE-2023-3212
- https://security-tracker.debian.org/tracker/CVE-2023-3212
- https://ubuntu.com/security/CVE-2023-3212
- https://git.kernel.org/linus/504a10d9e46bc37b23d0a1ae2f28973c8516e636
- https://www.ibm.com/support/pages/node/7172423 (Advisory)
- agent/type
- agent/first-publish-date
- agent/author
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-3212
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/source
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- collector/ibm-support
- source/IBM
- agent/references
- agent/softwarecombine
- agent/tags
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/6.4-rc1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/38
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- version/debian debian linux/12.0
- vendor/netapp
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h410s firmware
- canonical/netapp h410s
- canonical/netapp h410c firmware
- canonical/netapp h410c
- package-manager/debian
- canonical/fedora
- version/fedora/38
- canonical/debian
- version/debian/10.0
- version/debian/11.0
- version/debian/12.0
- vendor/ibm
- canonical/ibm security verify governance, identity manager software component
- version/ibm security verify governance, identity manager software component/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance component
- version/ibm security verify governance, identity manager virtual appliance component/isvg 10.0.2