CVE-2023-53144
📋 TL;DR
CVE-2023-53144 is a kernel memory management vulnerability in the Linux kernel's EROFS filesystem, triggered when LZMA compression is used on HIGHMEM platforms. It causes a NULL pointer dereference that can crash the kernel, and it affects Linux systems with HIGHMEM enabled that use EROFS with LZMA compression.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or system instability.
Likely Case
System crash or kernel panic when accessing EROFS filesystems with LZMA compression on HIGHMEM systems.
If Mitigated
No impact on systems without HIGHMEM enabled or not using EROFS with LZMA compression.
🎯 Exploit Status
This is a denial-of-service vulnerability, not a privilege escalation or remote code execution. Exploitation requires local access to trigger the filesystem operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches via git commits: 28aea8ae6cf212a5bf3ed962b27921e2029ad754, 8f121dfb15f7b4ab345992ce96003eb63fd608f4, fa4056781ac067b5946c6811459e1a36842047fd
Vendor Advisory: https://git.kernel.org/stable/c/28aea8ae6cf212a5bf3ed962b27921e2029ad754
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable EROFS LZMA compression
Avoid using LZMA compression with the EROFS filesystem.
# When creating EROFS images, use other compression algorithms like LZ4
Disable HIGHMEM if not needed
HIGHMEM is only needed on 32-bit systems with large memory. Most modern 64-bit systems don't need it.
# Check if HIGHMEM is enabled: grep HIGHMEM /boot/config-$(uname -r)
# Recompile kernel without HIGHMEM if on 64-bit system
🧯 If You Can't Patch
- Avoid mounting or using EROFS filesystems with LZMA compression
- Monitor system logs for kernel panic/crash events related to EROFS
🔍 How to Verify
Check if Vulnerable:
Check if system uses HIGHMEM: grep HIGHMEM /boot/config-$(uname -r) and check if EROFS with LZMA is in use
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated and check for the specific git commit hashes in kernel source
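A scripted version of the "Check if Vulnerable" step, added here as an example and not taken from the advisory or the kernel project. It assumes the kernel config symbol for EROFS LZMA support is CONFIG_EROFS_FS_ZIP_LZMA (not named on this page); the function names, verdict strings and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: precondition triage for CVE-2023-53144 from a kernel config
# file and a /proc/mounts-style table. It does not prove the fix is present.

# config_on FILE SYMBOL: true if CONFIG_<SYMBOL> is built in (=y) or modular (=m).
config_on() {
    grep -Eq "^CONFIG_$2=(y|m)$" "$1"
}

# erofs_mounts FILE: print mount points whose filesystem type is erofs.
erofs_mounts() {
    awk '$3 == "erofs" { print $2 }' "$1"
}

# erofs_lzma_exposure CONFIG MOUNTS: print one verdict word.
#   unknown        config file not readable
#   no-highmem     HIGHMEM not built, precondition absent
#   no-lzma        EROFS LZMA support not built (assumed symbol, see lead-in)
#   review         both preconditions built, no erofs filesystem mounted
#   erofs-mounted  both built and erofs mounted; the mounts table does not say
#                  which compressor an image uses, so inspect those images
erofs_lzma_exposure() {
    cfg=$1 mounts=$2
    [ -r "$cfg" ] || { echo "unknown"; return 0; }
    config_on "$cfg" HIGHMEM || { echo "no-highmem"; return 0; }
    config_on "$cfg" EROFS_FS_ZIP_LZMA || { echo "no-lzma"; return 0; }
    if [ -r "$mounts" ] && [ -n "$(erofs_mounts "$mounts")" ]; then
        echo "erofs-mounted"
    else
        echo "review"
    fi
}

# Constructed sample inputs (not from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' 'CONFIG_HIGHMEM=y' 'CONFIG_EROFS_FS=y' \
    'CONFIG_EROFS_FS_ZIP_LZMA=y' > "$demo_dir/config"
printf '%s\n' '/dev/root / ext4 rw 0 0' \
    '/dev/loop0 /mnt/img erofs ro 0 0' > "$demo_dir/mounts"
echo "verdict: $(erofs_lzma_exposure "$demo_dir/config" "$demo_dir/mounts")"
rm -rf "$demo_dir"
```

On a live host, call `erofs_lzma_exposure "/boot/config-$(uname -r)" /proc/mounts`. A `review` or `erofs-mounted` verdict only means the preconditions exist, so the kernel version still has to be compared against the vendor's patched release.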
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning EROFS, LZMA, or NULL pointer dereference in z_erofs_lzma_decompress
Network Indicators:
- None - this is a local filesystem vulnerability
SIEM Query:
Search for kernel panic/crash logs containing 'EROFS', 'LZMA', or 'NULL pointer dereference'