Fluid Attacks Database

Description

A flaw was found in the OverlayFS (ovl) component of the Linux kernel. A local user can trigger a null pointer dereference by performing a specific sequence of file system operations. This vulnerability occurs when the ovl_get_acl_rcu() function attempts to access a real inode that has been set to NULL due to a race condition during inode destruction. Successful exploitation leads to a kernel crash, causing a Denial of Service (DoS).

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	linux	=6.1.27-1 \|\| =6.1.37-1 \|\| =6.1.38-1 \|\| =6.1.38-2 \|\| =6.1.38-2~bpo11+1 \|\| =6.1.38-3 \|\| =6.1.38-4 \|\| =6.1.38-4~bpo11+1 \|\| >=0 <6.1.52-1	6.1.52-1
debian 13	linux	>=0 <6.4.4-1	6.4.4-1
debian 14	linux	>=0 <6.4.4-1	6.4.4-1
rpm rhel9	kernel	<0:5.14.0-570.12.1.el9_6	0:5.14.0-570.12.1.el9_6
rpm rhel9	kernel-rt	-	-

Aliases

1. CVE-2023-543132. NVD-2023-543133. OSV-DEBIAN-2023-543134. OSV-2023-543135. SECURITY-TRACKER-CVE-2023-54313

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.