CVE-2023-34256
First published: Wed May 31 2023(Updated: )
** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 6.12.11-1 | |
| Linux Kernel | <6.3.3 | |
| SUSE Linux Enterprise Server | =12.0-sp5 | |
| SUSE Linux Enterprise Server | =15.0-sp4 | |
| SUSE Linux Enterprise Server | =15.0-sp5 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31
- https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3
- https://bugzilla.suse.com/show_bug.cgi?id=1211895
- https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
- https://launchpad.net/bugs/cve/CVE-2023-34256
- https://git.kernel.org/linus/4f04351888a83e595571de672e0a4a8b74f4fb31
- https://security-tracker.debian.org/tracker/CVE-2023-34256
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34256
- https://nvd.nist.gov/vuln/detail/CVE-2023-34256
- https://ubuntu.com/security/CVE-2023-34256
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-34256.
What is the severity of CVE-2023-34256?
CVE-2023-34256 has a severity rating of 5.5 (medium).
Which software is affected by CVE-2023-34256?
Linux kernel versions before 6.3.3, Suse Linux Enterprise 12.0-sp5, Suse Linux Enterprise 15.0-sp4, and Suse Linux Enterprise 15.0-sp5 are affected by CVE-2023-34256.
What is the CWE-ID associated with CVE-2023-34256?
The CWE-ID associated with CVE-2023-34256 is CWE-125.
Are there any references available for CVE-2023-34256?
Yes, you can find references for CVE-2023-34256 at the following links: [link1](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31), [link2](https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321), [link3](https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3)
- collector/nvd-latest
- agent/type
- agent/remedy
- agent/severity
- agent/weakness
- agent/status
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/references
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/tags
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/nvd-index
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/12.0-sp5
- version/suse linux enterprise server/15.0-sp4
- version/suse linux enterprise server/15.0-sp5
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- status/disputed