CVE-2023-53144

MEDIUM

Linux Kernel 5.16-6.3 - NULL Pointer Dereference in EROFS LZMA Decompression

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms As the call trace shown, the root cause is kunmap incorrect pages: BUG: kernel NULL pointer dereference, address: 00000000 CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted 6.2.0-rc5 #4 Workqueue: erofs_worker z_erofs_decompressqueue_work EIP: z_erofs_lzma_decompress+0x34b/0x8ac z_erofs_decompress+0x12/0x14 z_erofs_decompress_queue+0x7e7/0xb1c z_erofs_decompressqueue_work+0x32/0x60 process_one_work+0x24b/0x4d8 ? process_one_work+0x1a4/0x4d8 worker_thread+0x14c/0x3fc kthread+0xe6/0x10c ? rescuer_thread+0x358/0x358 ? kthread_complete_and_exit+0x18/0x18 ret_from_fork+0x1c/0x28 ---[ end trace 0000000000000000 ]--- The bug is trivial and should be fixed now. It has no impact on !HIGHMEM platforms.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/fa4056781ac067b5946c6811459e1a36842047fd

Patch

https://git.kernel.org/stable/c/28aea8ae6cf212a5bf3ed962b27921e2029ad754

Patch

https://git.kernel.org/stable/c/8f121dfb15f7b4ab345992ce96003eb63fd608f4

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 4.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (10)

Linux/Linux < 5.16

Linux/Linux 5.16

Linux/Linux 6.1.20 - 6.1.*

Linux/Linux 6.2.7 - 6.2.*

Linux/Linux 6.3

Linux/Linux 622ceaddb7649ca328832f50ba1400af778d75fa - 28aea8ae6cf212a5bf3ed962b27921e2029ad754

Linux/Linux 622ceaddb7649ca328832f50ba1400af778d75fa - 8f121dfb15f7b4ab345992ce96003eb63fd608f4

Linux/Linux 622ceaddb7649ca328832f50ba1400af778d75fa - fa4056781ac067b5946c6811459e1a36842047fd

linux/linux_kernel 6.3 rc1

linux/linux_kernel 5.16 - 6.1.20

Published May 02, 2025

Tracked Since Feb 18, 2026