CVE-2023-52979: squashfs: harden sanity check in squashfs_read_xattr_id_table
CVSS 3.1 base score: 5.5 (MEDIUM)
Description

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

INFO

Published Date: March 27, 2025, 5:15 p.m.
Last Modified: Oct. 7, 2025, 7:15 a.m.
Remotely Exploitable: No
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2023-52979. Even where cvefeed.io knows the exact affected versions of a product, those versions are not shown in the table below.

  ID  Vendor  Product
  1   Linux   linux_kernel
CVSS Scores

The Common Vulnerability Scoring System (CVSS) is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and display CVSS scores from various sources for each CVE. The vectors below are the ones recorded for each source in the change history further down this page.

  Score  Version   Severity  Vector                               Source
  5.5    CVSS 3.1  MEDIUM    AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H  [email protected]
  5.5    CVSS 3.1  MEDIUM    AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H  134c704f-9b21-4f2e-91b3-4a467353bcc0
Solution
Update the Linux kernel to a version that includes the squashfs fix.
  • Update the Linux kernel to the latest stable version.
  • Recompile the kernel if custom modifications were made.
  • Reboot the system after applying the kernel update.


The following table lists the changes made to the CVE-2023-52979 record over time.

Vulnerability history can be useful for understanding how a vulnerability record evolved and for identifying the most recent changes that may affect its severity, exploitability, or other characteristics.

  • CVE Rejected by 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Oct. 07, 2025)

    No field changes are recorded for this entry.
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Oct. 07, 2025)

    Changed Description
      Old: In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table. While mounting a corrupted filesystem, a signed integer '*xattr_ids' can become less than zero. This leads to the incorrect computation of 'len' and 'indexes' values, which can cause a null-ptr-deref in copy_bio_to_actor() or out-of-bounds accesses in the next sanity checks inside squashfs_read_xattr_id_table(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
      New: Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
    Removed CVSS V3.1 (NIST): AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Removed CVSS V3.1 (CISA-ADP): AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Removed CWE (NIST): CWE-476
    Removed CWE (CISA-ADP): CWE-476
    Removed CPE Configuration (cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*, OR of the following version ranges):
      from (including) 4.14.222 up to (excluding) 4.15
      from (including) 4.9.258 up to (excluding) 4.10
      from (including) 4.4.258 up to (excluding) 4.5
      from (including) 4.19.176 up to (excluding) 4.20
      from (including) 5.10.16
      from (including) 5.4.98 up to (excluding) 5.5
    Removed Reference (kernel.org) and Removed Reference Type (Types: Not Applicable) for each of:
      https://git.kernel.org/stable/c/29e774dcb27116c06b9c57b1f1f14a1623738989
      https://git.kernel.org/stable/c/72e544b1b28325fe78a4687b980871a7e4101f76
      https://git.kernel.org/stable/c/b30a74f83265c24d1d0842c6c3928cd2e775a3fb
      https://git.kernel.org/stable/c/b7398efe24a965cf3937b716c0b1011c201c5d6e
      https://git.kernel.org/stable/c/cf5d6612092408157db6bb500c70bf6d67c40fbc
      https://git.kernel.org/stable/c/db76fc535fbdfbf29fd0b93e49627537ad794c8c
      https://git.kernel.org/stable/c/de2785aa3448d1ee7be3ab47fd4a873025f1b3d7
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Oct. 01, 2025)

    Added CVSS V3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE: CWE-476
  • Modified Analysis by [email protected] (Jun. 25, 2025)

    Changed CPE Configuration (cpe:2.3:o:linux:linux_kernel, OR of the listed entries)
      Old:
        6.2-rc1, 6.2-rc2, 6.2-rc3, 6.2-rc4, 6.2-rc5, 6.2-rc6
        from (including) 4.4.258 up to (excluding) 4.5
        from (including) 4.9.258 up to (excluding) 4.10
        from (including) 4.14.222 up to (excluding) 4.14.306
        from (including) 4.19.176 up to (excluding) 4.19.273
        from (including) 5.4.98 up to (excluding) 5.4.232
        from (including) 5.10.16 up to (excluding) 5.10.168
        from (including) 5.11 up to (excluding) 5.15.93
        from (including) 5.16 up to (excluding) 6.1.11
      New:
        from (including) 4.14.222 up to (excluding) 4.15
        from (including) 4.9.258 up to (excluding) 4.10
        from (including) 4.4.258 up to (excluding) 4.5
        from (including) 4.19.176 up to (excluding) 4.20
        from (including) 5.10.16
        from (including) 5.4.98 up to (excluding) 5.5
    Changed Reference Type (kernel.org) from "Patch" to "Not Applicable" for each of:
      https://git.kernel.org/stable/c/29e774dcb27116c06b9c57b1f1f14a1623738989
      https://git.kernel.org/stable/c/72e544b1b28325fe78a4687b980871a7e4101f76
      https://git.kernel.org/stable/c/b30a74f83265c24d1d0842c6c3928cd2e775a3fb
      https://git.kernel.org/stable/c/b7398efe24a965cf3937b716c0b1011c201c5d6e
      https://git.kernel.org/stable/c/cf5d6612092408157db6bb500c70bf6d67c40fbc
      https://git.kernel.org/stable/c/db76fc535fbdfbf29fd0b93e49627537ad794c8c
      https://git.kernel.org/stable/c/de2785aa3448d1ee7be3ab47fd4a873025f1b3d7
  • Initial Analysis by [email protected] (Apr. 15, 2025)

    Added CVSS V3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE: CWE-476
    Added CPE Configuration (cpe:2.3:o:linux:linux_kernel, OR of the listed entries):
      6.2-rc1, 6.2-rc2, 6.2-rc3, 6.2-rc4, 6.2-rc5, 6.2-rc6
      from (including) 4.4.258 up to (excluding) 4.5
      from (including) 4.9.258 up to (excluding) 4.10
      from (including) 4.14.222 up to (excluding) 4.14.306
      from (including) 4.19.176 up to (excluding) 4.19.273
      from (including) 5.4.98 up to (excluding) 5.4.232
      from (including) 5.10.16 up to (excluding) 5.10.168
      from (including) 5.11 up to (excluding) 5.15.93
      from (including) 5.16 up to (excluding) 6.1.11
    Added Reference Type (kernel.org) "Patch" for each of:
      https://git.kernel.org/stable/c/29e774dcb27116c06b9c57b1f1f14a1623738989
      https://git.kernel.org/stable/c/72e544b1b28325fe78a4687b980871a7e4101f76
      https://git.kernel.org/stable/c/b30a74f83265c24d1d0842c6c3928cd2e775a3fb
      https://git.kernel.org/stable/c/b7398efe24a965cf3937b716c0b1011c201c5d6e
      https://git.kernel.org/stable/c/cf5d6612092408157db6bb500c70bf6d67c40fbc
      https://git.kernel.org/stable/c/db76fc535fbdfbf29fd0b93e49627537ad794c8c
      https://git.kernel.org/stable/c/de2785aa3448d1ee7be3ab47fd4a873025f1b3d7
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Mar. 27, 2025)

    Added Description: In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table. While mounting a corrupted filesystem, a signed integer '*xattr_ids' can become less than zero. This leads to the incorrect computation of 'len' and 'indexes' values, which can cause a null-ptr-deref in copy_bio_to_actor() or out-of-bounds accesses in the next sanity checks inside squashfs_read_xattr_id_table(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
    Added References:
      https://git.kernel.org/stable/c/29e774dcb27116c06b9c57b1f1f14a1623738989
      https://git.kernel.org/stable/c/72e544b1b28325fe78a4687b980871a7e4101f76
      https://git.kernel.org/stable/c/b30a74f83265c24d1d0842c6c3928cd2e775a3fb
      https://git.kernel.org/stable/c/b7398efe24a965cf3937b716c0b1011c201c5d6e
      https://git.kernel.org/stable/c/cf5d6612092408157db6bb500c70bf6d67c40fbc
      https://git.kernel.org/stable/c/db76fc535fbdfbf29fd0b93e49627537ad794c8c
      https://git.kernel.org/stable/c/de2785aa3448d1ee7be3ab47fd4a873025f1b3d7

EPSS is a daily estimate of the probability that exploitation activity will be observed over the next 30 days. The following chart shows the EPSS score history of this vulnerability.

Vulnerability Scoring Details

Base CVSS Score: 5.5 (CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, as recorded in the change history above)

Attack Vector: Local (AV:L)
Attack Complexity: Low (AC:L)
Privileges Required: Low (PR:L)
User Interaction: None (UI:N)
Scope: Unchanged (S:U)
Confidentiality Impact: None (C:N)
Integrity Impact: None (I:N)
Availability Impact: High (A:H)