CVE-2023-52979 - Vulnerability Details

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2025032705-CVE-2023-52979-ca3f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52979
https://www.cve.org/CVERecord?id=CVE-2023-52979

History

Mon, 06 Oct 2025 22:45:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table While mounting a corrupted filesystem, a signed integer '*xattr_ids' can become less than zero. This leads to the incorrect computation of 'len' and 'indexes' values which can cause null-ptr-deref in copy_bio_to_actor() or out-of-bounds accesses in the next sanity checks inside squashfs_read_xattr_id_table(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title	squashfs: harden sanity check in squashfs_read_xattr_id_table	kernel: squashfs: harden sanity check in squashfs_read_xattr_id_table
CPEs	cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products	Linux Linux linux Kernel
References	https://git.kernel.org/stable/c/29e774dcb27116c06b9c57b1f1f14a1623738989 https://git.kernel.org/stable/c/72e544b1b28325fe78a4687b980871a7e4101f76 https://git.kernel.org/stable/c/b30a74f83265c24d1d0842c6c3928cd2e775a3fb https://git.kernel.org/stable/c/b7398efe24a965cf3937b716c0b1011c201c5d6e https://git.kernel.org/stable/c/cf5d6612092408157db6bb500c70bf6d67c40fbc https://git.kernel.org/stable/c/db76fc535fbdfbf29fd0b93e49627537ad794c8c https://git.kernel.org/stable/c/de2785aa3448d1ee7be3ab47fd4a873025f1b3d7
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 01 Oct 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 25 Jun 2025 21:15:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:linux:linux_kernel:6.2:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc6::::::

Tue, 15 Apr 2025 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.2:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc6::::::
Vendors & Products		Linux Linux linux Kernel

Fri, 28 Mar 2025 13:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025032705-CVE-2023-52979-ca3f@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-52979 https://www.cve.org/CVERecord?id=CVE-2023-52979
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Thu, 27 Mar 2025 17:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table While mounting a corrupted filesystem, a signed integer '*xattr_ids' can become less than zero. This leads to the incorrect computation of 'len' and 'indexes' values which can cause null-ptr-deref in copy_bio_to_actor() or out-of-bounds accesses in the next sanity checks inside squashfs_read_xattr_id_table(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Title		squashfs: harden sanity check in squashfs_read_xattr_id_table
References		https://git.kernel.org/stable/c/29e774dcb27116c06b9c57b1f1f14a1623738989 https://git.kernel.org/stable/c/72e544b1b28325fe78a4687b980871a7e4101f76 https://git.kernel.org/stable/c/b30a74f83265c24d1d0842c6c3928cd2e775a3fb https://git.kernel.org/stable/c/b7398efe24a965cf3937b716c0b1011c201c5d6e https://git.kernel.org/stable/c/cf5d6612092408157db6bb500c70bf6d67c40fbc https://git.kernel.org/stable/c/db76fc535fbdfbf29fd0b93e49627537ad794c8c https://git.kernel.org/stable/c/de2785aa3448d1ee7be3ab47fd4a873025f1b3d7

MITRE

Status: REJECTED

Assigner: Linux

Published: 2025-03-27T16:43:18.882Z

Updated: 2025-10-07T06:23:46.355Z

Reserved: 2025-03-27T16:40:15.739Z

Link: CVE-2023-52979

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-03-27T17:15:45.057

Modified: 2025-10-07T07:15:37.377

Link: CVE-2023-52979

Redhat

Severity : Moderate

Publid Date: 2025-03-27T00:00:00Z

Links: CVE-2023-52979 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object