{"api_version":"1","generated_at":"2026-04-22T23:09:21+00:00","cve":"CVE-2023-34256","urls":{"html":"https://cve.report/CVE-2023-34256","api":"https://cve.report/api/cve/CVE-2023-34256.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-34256","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-34256"},"summary":{"title":"CVE-2023-34256","description":"** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated \"When modifying the block device while it is mounted by the filesystem\" access.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-05-31 20:15:00","updated_at":"2023-11-15 02:51:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3","name":"https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html","name":"[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3508-1] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321","name":"https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321","refsource":"MISC","tags":[],"title":"KASAN: slab-out-of-bounds Read in ext4_group_desc_csum","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html","name":"[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3623-1] linux-5.10 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1211895","name":"https://bugzilla.suse.com/show_bug.cgi?id=1211895","refsource":"MISC","tags":[],"title":"1211895 – (CVE-2023-34256) VUL-0: CVE-2023-34256: kernel: potential slab-out-of-bounds in ext4_group_desc_csum","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31","name":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31","refsource":"MISC","tags":[],"title":"kernel/git/torvalds/linux.git - Linux kernel source tree","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-34256","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34256","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"34256","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"34256","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"34256","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"suse","cpe5":"linux_enterprise","cpe6":"12.0","cpe7":"sp5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"34256","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"suse","cpe5":"linux_enterprise","cpe6":"15.0","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"34256","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"suse","cpe5":"linux_enterprise","cpe6":"15.0","cpe7":"sp5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-34256","qid":"160766","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12566)"},{"cve":"CVE-2023-34256","qid":"160767","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12565)"},{"cve":"CVE-2023-34256","qid":"200199","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6700-1)"},{"cve":"CVE-2023-34256","qid":"200202","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6701-1)"},{"cve":"CVE-2023-34256","qid":"200209","title":"Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-6701-2)"},{"cve":"CVE-2023-34256","qid":"200217","title":"Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6700-2)"},{"cve":"CVE-2023-34256","qid":"200222","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6701-3)"},{"cve":"CVE-2023-34256","qid":"200244","title":"Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-6701-4)"},{"cve":"CVE-2023-34256","qid":"355531","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2023-034"},{"cve":"CVE-2023-34256","qid":"355532","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2023-021"},{"cve":"CVE-2023-34256","qid":"355536","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2023-047"},{"cve":"CVE-2023-34256","qid":"355545","title":"Amazon Linux Security Advisory for kernel : ALAS2-2023-2100"},{"cve":"CVE-2023-34256","qid":"355557","title":"Amazon Linux Security Advisory for kernel : ALAS-2023-1773"},{"cve":"CVE-2023-34256","qid":"378889","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0036)"},{"cve":"CVE-2023-34256","qid":"390285","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2023-0017)"},{"cve":"CVE-2023-34256","qid":"390286","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2023-0018)"},{"cve":"CVE-2023-34256","qid":"6000136","title":"Debian Security Update for linux (DLA 3508-1)"},{"cve":"CVE-2023-34256","qid":"6000265","title":"Debian Security Update for linux-5.10 (DLA 3623-1)"},{"cve":"CVE-2023-34256","qid":"6140228","title":"AWS Bottlerocket Security Update for kernel (GHSA-p98r-538v-jgw5)"},{"cve":"CVE-2023-34256","qid":"673261","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2614)"},{"cve":"CVE-2023-34256","qid":"673272","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2584)"},{"cve":"CVE-2023-34256","qid":"673354","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2843)"},{"cve":"CVE-2023-34256","qid":"673372","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2787)"},{"cve":"CVE-2023-34256","qid":"673496","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2860)"},{"cve":"CVE-2023-34256","qid":"673498","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3132)"},{"cve":"CVE-2023-34256","qid":"673604","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2811)"},{"cve":"CVE-2023-34256","qid":"907004","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (27052-1)"},{"cve":"CVE-2023-34256","qid":"907022","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (27063-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-34256","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated \"When modifying the block device while it is mounted by the filesystem\" access."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321","refsource":"MISC","name":"https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321"},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31","refsource":"MISC","name":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31"},{"url":"https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3","refsource":"MISC","name":"https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3"},{"refsource":"MISC","name":"https://bugzilla.suse.com/show_bug.cgi?id=1211895","url":"https://bugzilla.suse.com/show_bug.cgi?id=1211895"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update","url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"}]}},"nvd":{"publishedDate":"2023-05-31 20:15:00","lastModifiedDate":"2023-11-15 02:51:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.3.3","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:suse:linux_enterprise:15.0:sp4:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:suse:linux_enterprise:15.0:sp5:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:suse:linux_enterprise:12.0:sp5:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}