{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T15:22:07.337","vulnerabilities":[{"cve":{"id":"CVE-2023-52779","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-05-21T16:15:16.890","lastModified":"2025-04-02T15:02:51.383","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Pass AT_GETATTR_NOSEC flag to getattr interface function\n\nWhen vfs_getattr_nosec() calls a filesystem's getattr interface function\nthen the 'nosec' should propagate into this function so that\nvfs_getattr_nosec() can again be called from the filesystem's gettattr\nrather than vfs_getattr(). The latter would add unnecessary security\nchecks that the initial vfs_getattr_nosec() call wanted to avoid.\nTherefore, introduce the getattr flag GETATTR_NOSEC and allow to pass\nwith the new getattr_flags parameter to the getattr interface function.\nIn overlayfs and ecryptfs use this flag to determine which one of the\ntwo functions to call.\n\nIn a recent code change introduced to IMA vfs_getattr_nosec() ended up\ncalling vfs_getattr() in overlayfs, which in turn called\nsecurity_inode_getattr() on an exiting process that did not have\ncurrent->fs set anymore, which then caused a kernel NULL pointer\ndereference. With this change the call to security_inode_getattr() can\nbe avoided, thus avoiding the NULL pointer dereference."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs: pasar el indicador AT_GETATTR_NOSEC a la función de interfaz getattr. Cuando vfs_getattr_nosec() llama a la función de interfaz getattr de un sistema de archivos, entonces 'nosec' debe propagarse a esta función para que se pueda volver a llamar a vfs_getattr_nosec() desde gettattr del sistema de archivos en lugar de vfs_getattr(). Esto último agregaría controles de seguridad innecesarios que la llamada inicial a vfs_getattr_nosec() quería evitar. Por lo tanto, introduzca el indicador getattr GETATTR_NOSEC y permita pasar con el nuevo parámetro getattr_flags a la función de interfaz getattr. En overlayfs y ecryptfs use este indicador para determinar cuál de las dos funciones llamar. En un cambio de código reciente introducido en IMA, vfs_getattr_nosec() terminó llamando a vfs_getattr() en overlayfs, que a su vez llamó a security_inode_getattr() en un proceso saliente que ya no tenía current->fs configurado, lo que luego provocó una desreferencia del puntero NULL del kernel . Con este cambio se puede evitar la llamada a security_inode_getattr(), evitando así la desreferencia del puntero NULL."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.6.4","matchCriteriaId":"C5AC7A97-CD56-4012-B418-D5FF1799F8CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*","matchCriteriaId":"3A0038DE-E183-4958-A6E3-CE3821FEAFBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*","matchCriteriaId":"E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3fb0fa08641903304b9d81d52a379ff031dc41d4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8a924db2d7b5eb69ba08b1a0af46e9f1359a9bdf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3fb0fa08641903304b9d81d52a379ff031dc41d4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8a924db2d7b5eb69ba08b1a0af46e9f1359a9bdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}