{
  "threat_severity" : "Low",
  "public_date" : "2024-02-20T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: f2fs: explicitly null-terminate the xattr list",
    "id" : "2265267",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2265267"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-170",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nf2fs: explicitly null-terminate the xattr list\nWhen setting an xattr, explicitly null-terminate the xattr list.  This\neliminates the fragile assumption that the unused xattr space is always\nzeroed.", "A flaw was found in the Linux kernel’s f2fs subsystem. When setting an xattr, explicitly null-terminate the xattr list. This eliminates the assumption that the unused xattr space is always zeroed." ],
  "statement" : "Red Hat Enterprise Linux not affected.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-52436\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52436\nhttps://lore.kernel.org/linux-cve-announce/2024022056-operative-cork-082c@gregkh/T/#u" ],
  "name" : "CVE-2023-52436",
  "csaw" : false
}