logo_clicknbuy.png

CVE-2023-53144 – Linux Kernel erofs LZMA HIGHMEM NULL Pointer Dereference Vulnerability

The following table lists the changes that have been made to the
CVE-2023-53144 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 02, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms

    As the call trace shown, the root cause is kunmap incorrect pages:

    BUG: kernel NULL pointer dereference, address: 00000000
    CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted 6.2.0-rc5 #4
    Workqueue: erofs_worker z_erofs_decompressqueue_work
    EIP: z_erofs_lzma_decompress+0x34b/0x8ac
    z_erofs_decompress+0x12/0x14
    z_erofs_decompress_queue+0x7e7/0xb1c
    z_erofs_decompressqueue_work+0x32/0x60
    process_one_work+0x24b/0x4d8
    ? process_one_work+0x1a4/0x4d8
    worker_thread+0x14c/0x3fc
    kthread+0xe6/0x10c
    ? rescuer_thread+0x358/0x358
    ? kthread_complete_and_exit+0x18/0x18
    ret_from_fork+0x1c/0x28
    —[ end trace 0000000000000000 ]—

    The bug is trivial and should be fixed now. It has no impact on
    !HIGHMEM platforms.
    Added Reference https://git.kernel.org/stable/c/28aea8ae6cf212a5bf3ed962b27921e2029ad754
    Added Reference https://git.kernel.org/stable/c/8f121dfb15f7b4ab345992ce96003eb63fd608f4
    Added Reference https://git.kernel.org/stable/c/fa4056781ac067b5946c6811459e1a36842047fd
Share the Post:

Related Posts