{"id":"CVE-2023-52779","summary":"fs: Pass AT_GETATTR_NOSEC flag to getattr interface function","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Pass AT_GETATTR_NOSEC flag to getattr interface function\n\nWhen vfs_getattr_nosec() calls a filesystem's getattr interface function\nthen the 'nosec' should propagate into this function so that\nvfs_getattr_nosec() can again be called from the filesystem's gettattr\nrather than vfs_getattr(). The latter would add unnecessary security\nchecks that the initial vfs_getattr_nosec() call wanted to avoid.\nTherefore, introduce the getattr flag GETATTR_NOSEC and allow to pass\nwith the new getattr_flags parameter to the getattr interface function.\nIn overlayfs and ecryptfs use this flag to determine which one of the\ntwo functions to call.\n\nIn a recent code change introduced to IMA vfs_getattr_nosec() ended up\ncalling vfs_getattr() in overlayfs, which in turn called\nsecurity_inode_getattr() on an exiting process that did not have\ncurrent-\u003efs set anymore, which then caused a kernel NULL pointer\ndereference. With this change the call to security_inode_getattr() can\nbe avoided, thus avoiding the NULL pointer dereference.","modified":"2026-04-02T09:43:19.791401Z","published":"2024-05-21T15:30:58.899Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52779.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3fb0fa08641903304b9d81d52a379ff031dc41d4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8a924db2d7b5eb69ba08b1a0af46e9f1359a9bdf"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52779.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52779"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"db1d1e8b9867aae5c3e61ad7859abfcc4a6fd6c7"},{"fixed":"3fb0fa08641903304b9d81d52a379ff031dc41d4"},{"fixed":"8a924db2d7b5eb69ba08b1a0af46e9f1359a9bdf"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52779.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}