Medium severity5.5NVD Advisory· Published May 31, 2023· Updated Jun 17, 2026
CVE-2023-34256
CVE-2023-34256
Description
An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
6- bugzilla.suse.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3nvdMailing ListPatch
- git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/nvdMailing ListPatch
- syzkaller.appspot.com/bugnvdMailing ListPatch
- lists.debian.org/debian-lts-announce/2023/07/msg00030.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2023/10/msg00027.htmlnvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.