CVE-2023-52497: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

erofs: fix lz4 inplace decompression

Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O.

However, like most simple LZ77 algorithms, LZ4 expects the compressed data is arranged at the end of the decompressed buffer and it explicitly uses memmove() to handle overlapping:

  __________________________________________________________
 |_ direction of decompression --> ____ |_ compressed data _|

Although EROFS arranges compressed data like this, it typically maps two individual virtual buffers so the relative order is uncertain. Previously, it was hardly observed since LZ4 only uses memmove() for short overlapped literals and x86/arm64 memmove implementations seem to completely cover it up and they don't have this issue. Juhyung reported that EROFS data corruption can be found on a new Intel x86 processor. After some analysis, it seems that recent x86 processors with the new FSRM feature expose this issue with "rep movsb".

Let's strictly use the decompressed buffer for lz4 inplace decompression for now. Later, as an useful improvement, we could try to tie up these two buffers together in the correct order.
AI Analysis
Technical Summary
CVE-2023-52497 is a vulnerability in the Linux kernel's EROFS (Enhanced Read-Only File System) implementation, in its LZ4 inplace decompression path. EROFS uses LZ4 compression for data storage efficiency, and decompression involves mapping compressed data buffers in memory. The vulnerability arises because EROFS maps two separate virtual buffers for inplace decompression, so the relative order of these buffers is uncertain. LZ4 decompression expects the compressed data to be arranged at the end of the decompressed buffer and uses memmove() to handle overlapping memory regions during decompression. On most architectures (notably x86 and ARM64) the memmove implementations masked the issue, but newer Intel x86 processors with the FSRM (Fast Short Rep Movsb) feature expose data corruption caused by this buffer mapping. The root cause is that the decompression algorithm relies on assumptions about buffer layout and overlapping memory moves, and the way EROFS currently maps buffers invalidates them. This can lead to data corruption during decompression, potentially affecting file system integrity and reliability. The fix is to strictly use the decompressed buffer for LZ4 inplace decompression, which gives LZ4 the buffer layout it expects and prevents the corruption. No known exploits are reported in the wild yet, and no CVSS score has been assigned. However, the issue is significant because it affects core Linux kernel functionality related to file system data integrity on newer hardware platforms.
Potential Impact
For European organizations, the impact of this vulnerability could be substantial, especially for those relying on Linux-based systems with EROFS file systems, such as embedded devices, IoT infrastructure, or specialized storage solutions. Data corruption during decompression can lead to file system inconsistencies, application crashes, or data loss, undermining system reliability and availability. Critical infrastructure operators, cloud service providers, and enterprises using Linux servers or appliances with EROFS may experience degraded service or require emergency patching. Although no active exploitation is known, the vulnerability's exposure on newer Intel processors means that organizations upgrading hardware or running recent Linux kernels are at risk. The potential for silent data corruption complicates detection and remediation, increasing operational risk. Additionally, since Linux is widely used across European public and private sectors, the vulnerability could affect a broad range of industries, including telecommunications, manufacturing, and government services.
Mitigation Recommendations
Organizations should prioritize updating their Linux kernels to versions where this vulnerability is fixed, ensuring that the EROFS implementation uses the corrected decompression logic. Specifically, kernel maintainers and system administrators must apply patches that enforce strict use of the decompressed buffer for LZ4 inplace decompression. For environments using custom or embedded Linux distributions, vendors should be contacted to provide updated kernel builds. Additionally, organizations should audit systems running on newer Intel x86 processors with FSRM to identify vulnerable deployments. Monitoring file system integrity and implementing robust backup and recovery procedures can mitigate data loss risks. Testing critical applications and storage systems for data corruption after kernel updates is recommended. Where possible, temporarily avoiding the use of EROFS on affected hardware until patches are applied can reduce exposure. Finally, organizations should stay informed of any emerging exploit reports or additional patches related to this vulnerability.
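One way to run the audit step described above, as an added example that is not part of the original advisory or the kernel project. It assumes the standard Linux procfs layout, where the CPU feature appears as the `fsrm` flag in /proc/cpuinfo and EROFS mounts have type `erofs` in /proc/mounts; the function names and verdict strings are made up for this sketch.

```shell
#!/bin/sh
# Added example: rank a host by the two exposure conditions in the advisory.
# Both files are parameters, so the checks also work on copies of
# /proc/cpuinfo and /proc/mounts collected from other machines.

# has_fsrm [CPUINFO] -> exit 0 if any CPU lists the exact flag "fsrm"
has_fsrm() {
    awk -F: '/^flags/ {
                 n = split($2, f, " ")
                 for (i = 1; i <= n; i++) if (f[i] == "fsrm") found = 1
             }
             END { exit (found ? 0 : 1) }' "${1:-/proc/cpuinfo}"
}

# erofs_mounts [MOUNTS] -> print every mount point whose fs type is erofs
erofs_mounts() {
    awk '$3 == "erofs" { print $2 }' "${1:-/proc/mounts}"
}

# triage [CPUINFO] [MOUNTS] -> print one verdict word (hypothetical labels):
#   no-erofs    nothing mounted as EROFS, the affected code path is not in use
#   erofs-only  EROFS in use; still needs the fixed kernel
#   erofs+fsrm  EROFS in use on a CPU with FSRM, the combination the
#               advisory says exposes the corruption; patch these first
triage() {
    mounts=$(erofs_mounts "${2:-/proc/mounts}")
    if [ -z "$mounts" ]; then
        echo "no-erofs"
    elif has_fsrm "${1:-/proc/cpuinfo}"; then
        echo "erofs+fsrm"
    else
        echo "erofs-only"
    fi
}

# Run against the live host only when asked to.
if [ "${1:-}" = "--host" ]; then
    triage
    erofs_mounts
fi
```

A verdict of `erofs-only` is not a clean bill of health: the buffer-mapping bug is in the kernel regardless of CPU, and only the kernel update removes it.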
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-20T12:30:33.305Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9831c4522896dcbe7b45
Added to database: 5/21/2025, 9:09:05 AM
Last enriched: 7/1/2025, 9:41:04 AM
Last updated: 8/7/2025, 6:34:19 AM