active/CVE-2023-52497


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

Description: erofs: fix lz4 inplace decompression
References:
Notes:
 carnil> Introduced in 0ffd71bcc3a0 ("staging: erofs: introduce LZ4 decompression
 carnil> inplace")
 carnil> 598162d05080 ("erofs: support decompress big pcluster for lz4 backend").
 carnil> Vulnerable versions: 5.3-rc1 5.13-rc1.
Bugs:
upstream: released (6.8-rc1) [3c12466b6b7bf1e56f9b32c366a3d83d87afb4de]
6.7-upstream-stable: released (6.7.3) [bffc4cc334c5bb31ded54bc3cfd651735a3cb79e]
6.6-upstream-stable: released (6.6.15) [f36d200a80a3ca025532ed60dd1ac21b620e14ae]
6.1-upstream-stable: released (6.1.76) [33bf23c9940dbd3a22aad7f0cda4c84ed5701847]
5.10-upstream-stable: released (5.10.211) [a0180e940cf1aefa7d516e20b259ad34f7a8b379]
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: released (6.6.15-1)
6.1-bookworm-security: released (6.1.76-1)
5.10-bullseye-security: needed
4.19-buster-security: N/A "Vulnerable code not present"