{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T01:51:18.446","vulnerabilities":[{"cve":{"id":"CVE-2023-52900","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-08-21T07:15:06.297","lastModified":"2024-09-13T13:40:28.597","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix general protection fault in nilfs_btree_insert()\n\nIf nilfs2 reads a corrupted disk image and tries to reads a b-tree node\nblock by calling __nilfs_btree_get_block() against an invalid virtual\nblock address, it returns -ENOENT because conversion of the virtual block\naddress to a disk block address fails.  However, this return value is the\nsame as the internal code that b-tree lookup routines return to indicate\nthat the block being searched does not exist, so functions that operate on\nthat b-tree may misbehave.\n\nWhen nilfs_btree_insert() receives this spurious 'not found' code from\nnilfs_btree_do_lookup(), it misunderstands that the 'not found' check was\nsuccessful and continues the insert operation using incomplete lookup path\ndata, causing the following crash:\n\n general protection fault, probably for non-canonical address\n 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n ...\n RIP: 0010:nilfs_btree_get_nonroot_node fs/nilfs2/btree.c:418 [inline]\n RIP: 0010:nilfs_btree_prepare_insert fs/nilfs2/btree.c:1077 [inline]\n RIP: 0010:nilfs_btree_insert+0x6d3/0x1c10 fs/nilfs2/btree.c:1238\n Code: bc 24 80 00 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89\n ff e8 4b 02 92 fe 4d 8b 3f 49 83 c7 28 4c 89 f8 48 c1 e8 03 <42> 80 3c\n 28 00 74 08 4c 89 ff e8 2e 02 92 fe 4d 8b 3f 49 83 c7 02\n ...\n Call Trace:\n <TASK>\n  nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline]\n  nilfs_bmap_insert+0x20d/0x360 fs/nilfs2/bmap.c:147\n  nilfs_get_block+0x414/0x8d0 fs/nilfs2/inode.c:101\n  __block_write_begin_int+0x54c/0x1a80 fs/buffer.c:1991\n  __block_write_begin fs/buffer.c:2041 [inline]\n  block_write_begin+0x93/0x1e0 fs/buffer.c:2102\n  nilfs_write_begin+0x9c/0x110 fs/nilfs2/inode.c:261\n  generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772\n  __generic_file_write_iter+0x176/0x400 mm/filemap.c:3900\n  generic_file_write_iter+0xab/0x310 mm/filemap.c:3932\n  call_write_iter include/linux/fs.h:2186 [inline]\n  new_sync_write fs/read_write.c:491 [inline]\n  vfs_write+0x7dc/0xc50 fs/read_write.c:584\n  ksys_write+0x177/0x2a0 fs/read_write.c:637\n  do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n  do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n ...\n </TASK>\n\nThis patch fixes the root cause of this problem by replacing the error\ncode that __nilfs_btree_get_block() returns on block address conversion\nfailure from -ENOENT to another internal code -EINVAL which means that the\nb-tree metadata is corrupted.\n\nBy returning -EINVAL, it propagates without glitches, and for all relevant\nb-tree operations, functions in the upper bmap layer output an error\nmessage indicating corrupted b-tree metadata via\nnilfs_bmap_convert_error(), and code -EIO will be eventually returned as\nit should be."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: soluciona el fallo de protección general en nilfs_btree_insert() Si nilfs2 lee una imagen de disco corrupta e intenta leer un bloque de nodo de árbol b llamando a __nilfs_btree_get_block() contra una dirección de bloque virtual no válida, devuelve -ENOENT porque falla la conversión de la dirección del bloque virtual a una dirección de bloque de disco. Sin embargo, este valor de retorno es el mismo que el código interno que devuelven las rutinas de búsqueda del árbol b para indicar que el bloque que se busca no existe, por lo que las funciones que operan en ese árbol b pueden comportarse mal. Cuando nilfs_btree_insert() recibe este código falso 'no encontrado' de nilfs_btree_do_lookup(), malinterpreta que la verificación 'no encontrado' fue exitosa y continúa la operación de inserción utilizando datos de ruta de búsqueda incompletos, lo que provoca el siguiente bloqueo: falla de protección general, probablemente por dirección no canónica 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref en el rango [0x0000000000000028-0x000000000000002f] ... RIP: 0010:nilfs_btree_get_nonroot_node fs/nilfs 2/btree.c:418 [en línea] RIP: 0010:nilfs_btree_prepare_insert fs/nilfs2/btree.c:1077 [en línea] RIP: 0010:nilfs_btree_insert+0x6d3/0x1c10 fs/nilfs2/btree.c:1238 Código: bc 24 80 00 00 00 4c 89 f8 48 c1 e8 3 42 80 3c 28 00 74 08 4c 89 ff e8 4b 02 92 fe 4d 8b 3f 49 83 c7 28 4c 89 f8 48 c1 e8 03 &lt;42&gt; 80 3c 28 00 74 08 4c 89 ff e8 2e 02 92 fe 4d 8b f 49 83 c7 02... Seguimiento de llamadas:  nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [en línea] nilfs_bmap_insert+0x20d/0x360 fs/nilfs2/bmap.c:147 nilfs_get_block+0x414/0x8d0 fs/nilfs2/inode.c: 101 __block_write_begin_int+0x54c/0x1a80 fs/buffer.c:1991 __block_write_begin fs/buffer.c:2041 [en línea] block_write_begin+0x93/0x1e0 fs/buffer.c:2102 nilfs_write_begin+0x9c/0x110 fs/nilfs2/inode.c :261 generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772 __generic_file_write_iter+0x176/0x400 mm/filemap.c:3900 generic_file_write_iter+0xab/0x310 mm/filemap.c:3932 call_write_iter include/linux/fs.h:2186 [en línea] new_sync_write fs/read_write.c:491 [en línea] vfs_write+0x7dc/0xc50 fs/read_write.c:584 ksys_write+0x177/0x2a0 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:50 [en línea] do_syscall_64 +0x3d/0xb0 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0x63/0xcd ...  Este parche soluciona la causa raíz de este problema reemplazando el código de error que devuelve __nilfs_btree_get_block() en la conversión de direcciones de bloque falla de -ENOENT a otro código interno -EINVAL, lo que significa que los metadatos del árbol b están dañados. Al devolver -EINVAL, se propaga sin fallos y, para todas las operaciones relevantes del árbol b, las funciones en la capa superior del mapa b generan un mensaje de error que indica metadatos del árbol b corruptos a través de nilfs_bmap_convert_error(), y el código -EIO se devolverá eventualmente cuando debería ser."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"4.14.304","matchCriteriaId":"E8A9B982-D3D6-49CA-BF0A-196ED7947B3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.271","matchCriteriaId":"D86DA289-B5BC-4629-BD56-AB453D481393"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.230","matchCriteriaId":"9DB7398D-9781-49C5-B2AE-1969B694B614"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.165","matchCriteriaId":"C6002D5B-9B6A-4788-B943-E3EE01E01303"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.90","matchCriteriaId":"E995CDA5-7223-4FDB-BAD3-81B22C763A43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.8","matchCriteriaId":"A6AFE6C9-3F59-4711-B2CF-7D6682FF6BD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*","matchCriteriaId":"FF501633-2F44-4913-A8EE-B021929F49F6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*","matchCriteriaId":"2BDA597B-CAC1-4DF0-86F0-42E142C654E9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*","matchCriteriaId":"725C78C9-12CE-406F-ABE8-0813A01D66E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*","matchCriteriaId":"A127C155-689C-4F67-B146-44A57F4BFD85"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0bf463939c09e5b2c35c71ed74a5fd60a74d6a04","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3c2a2ff67d46106715c2132021b98bd057c27545","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/45627a1a6450662e1e0f8174ef07b05710a20062","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/712bd74eccb9d3626a0a236641962eca8e11a243","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7633355e5c7f29c049a9048e461427d1d8ed3051","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b0ba060d3287108eba17603bee3810e4cf2c272d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d9fde9eab1766170ff2ade67d09178d2cfd78749","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}