CVE-2023-52622

CVE Details

Release Date:2024-03-26

Description


In the Linux kernel, the following vulnerability has been resolved:\next4: avoid online resizing failures due to oversized flex bg\nWhen we online resize an ext4 filesystem with a oversized flexbg_size,\nmkfs.ext4 -F -G 67108864 -b 4096 100M\nmount \nresize2fs 16G\nthe following WARN_ON is triggered:\n==================================================================\nWARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550\nModules linked in: sg(E)\nCPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314\nRIP: 0010:__alloc_pages+0x411/0x550\nCall Trace:\n\n__kmalloc_large_node+0xa2/0x200\n__kmalloc+0x16e/0x290\next4_resize_fs+0x481/0xd80\n__ext4_ioctl+0x1616/0x1d90\next4_ioctl+0x12/0x20\n__x64_sys_ioctl+0xf0/0x150\ndo_syscall_64+0x3b/0x90\n==================================================================\nThis is because flexbg_size is too large and the size of the new_group_data\narray to be allocated exceeds MAX_ORDER. Currently, the minimum value of\nMAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding\nmaximum number of groups that can be allocated is:\n(PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) ? 21845\nAnd the value that is down-aligned to the power of 2 is 16384. Therefore,\nthis value is defined as MAX_RESIZE_BG, and the number of groups added\neach time does not exceed this value during resizing, and is added multiple\ntimes to complete the online resizing. The difference is that the metadata\nin a flex_bg may be more dispersed.

See more information about CVE-2023-52622 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 5.5 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network Attack Complexity: Low
Privileges Required: Low User Interaction: None
Scope: Unchanged Confidentiality Impact: None
Integrity Impact: None Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 8 (kernel)ELSA-2024-51012024-08-08
Oracle Linux version 9 (kernel)ELSA-2024-93152024-11-14


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete