
CVE-2023-52526: Vulnerability in Linux

Medium
Published: Sat Mar 02 2024 (03/02/2024, 21:52:32 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix memory leak of LZMA global compressed deduplication

When stressing microLZMA EROFS images with the new global compressed deduplication feature enabled (`-Ededupe`), I found some short-lived temporary pages weren't properly released, which could slowly cause unexpected OOMs hours later. Let's fix it now (LZ4 and DEFLATE don't have this issue.)

AI-Powered Analysis

Last updated: 07/01/2025, 10:12:04 UTC

Technical Analysis

CVE-2023-52526 is a vulnerability identified in the Linux kernel's implementation of the EROFS (Enhanced Read-Only File System) feature, specifically related to the microLZMA compression algorithm with the global compressed deduplication feature enabled (activated via the '-Ededupe' option). The issue involves a memory leak caused by the improper release of short-lived temporary pages during the decompression and deduplication process. This flaw leads to a gradual consumption of system memory, which can eventually trigger unexpected out-of-memory (OOM) conditions after prolonged system operation under stress conditions. Notably, this memory leak is specific to the LZMA compression method within EROFS and does not affect other compression algorithms such as LZ4 or DEFLATE. The vulnerability was discovered during stress testing of EROFS images using the microLZMA compression with deduplication enabled. The CVE record identifies the affected Linux kernel versions by reference to the commit hash 5c2a64252c5dc4cfe78e5b2a531c118894e3d155. The issue has been publicly disclosed and patched, although no known exploits are currently reported in the wild. Since this vulnerability is a memory leak rather than a direct code execution or privilege escalation flaw, exploitation would primarily result in resource exhaustion rather than immediate compromise of confidentiality or integrity.

Potential Impact

For European organizations, the impact of CVE-2023-52526 centers on system stability and availability. Systems running Linux kernels with the affected EROFS microLZMA deduplication feature enabled may experience gradual memory depletion leading to unexpected OOM events. This can cause service interruptions, degraded performance, or crashes in critical infrastructure, especially in environments where EROFS is used for read-only file systems with LZMA compression and deduplication enabled. Such environments might include embedded systems, network appliances, or specialized storage solutions. While the vulnerability does not directly expose data or allow unauthorized access, the resulting denial-of-service conditions could disrupt business operations, particularly in sectors relying heavily on Linux-based systems such as telecommunications, cloud service providers, and industrial control systems. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to stability issues under heavy load or prolonged operation.

Mitigation Recommendations

To mitigate CVE-2023-52526, European organizations should:

1) Apply the latest Linux kernel patches that address the memory leak in the EROFS microLZMA global compressed deduplication feature as soon as possible.

2) If patching is not immediately feasible, consider disabling the global compressed deduplication feature ('-Ededupe') for microLZMA compressed EROFS images to prevent the memory leak from occurring.

3) Monitor system memory usage closely on affected systems, especially those utilizing EROFS with LZMA compression, to detect early signs of memory exhaustion.

4) Conduct thorough testing of EROFS configurations in staging environments to identify potential memory leaks under load before deployment.

5) Review and update operational procedures to include kernel version checks and configuration audits for EROFS usage.

6) Engage with Linux distribution vendors and maintain awareness of updates related to EROFS and compression features to ensure timely patching.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-20T12:30:33.318Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9831c4522896dcbe7c48

Added to database: 5/21/2025, 9:09:05 AM

Last enriched: 7/1/2025, 10:12:04 AM

Last updated: 8/17/2025, 11:47:58 PM
