5.5

CVE-2023-52631

fs/ntfs3: Fix an NULL dereference bug

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix an NULL dereference bug

The issue here is when this is called from ntfs_load_attr_list().  The
"size" comes from le32_to_cpu(attr->res.data_size) so it can't overflow
on a 64bit systems but on 32bit systems the "+ 1023" can overflow and
the result is zero.  This means that the kmalloc will succeed by
returning the ZERO_SIZE_PTR and then the memcpy() will crash with an
Oops on the next line.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 5.15.149
LinuxLinux Kernel Version >= 5.16 < 6.1.78
LinuxLinux Kernel Version >= 6.2 < 6.6.17
LinuxLinux Kernel Version >= 6.7 < 6.7.5
LinuxLinux Kernel Version6.8 Updaterc1
LinuxLinux Kernel Version6.8 Updaterc2
LinuxLinux Kernel Version6.8 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.129
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/686820fe141ea0220fc6fdfc7e5694f915cf64b2
Patch
https://git.kernel.org/stable/c/ae4acad41b0f93f1c26cc0fc9135bb79d8282d0b
Patch
https://git.kernel.org/stable/c/b2dd7b953c25ffd5912dda17e980e7168bebcf6c
Patch
https://git.kernel.org/stable/c/ec1bedd797588fe38fc11cba26d77bb1d9b194c6
Patch
https://git.kernel.org/stable/c/fb7bcd1722bc9bc55160378f5f99c01198fd14a7
Patch