7.1
CVE-2023-52640
- EPSS 0.24%
- Veröffentlicht 03.04.2024 17:15:47
- Zuletzt bearbeitet 27.02.2025 21:59:09
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
fs/ntfs3: Fix oob in ntfs_listxattr
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix oob in ntfs_listxattr The length of name cannot exceed the space occupied by ea.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 5.15.150
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.80
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.19
Linux ≫ Linux Kernel Version >= 6.7 < 6.7.7
Linux ≫ Linux Kernel Version6.8 Updaterc1
Linux ≫ Linux Kernel Version6.8 Updaterc2
Linux ≫ Linux Kernel Version6.8 Updaterc3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.153 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
https://git.kernel.org/stable/c/0830c5cf19bdec50d0ede4755ddc463663deb21c
https://git.kernel.org/stable/c/52fff5799e3d1b5803ecd2f5f19c13c65f4f7b23
https://git.kernel.org/stable/c/6ed6cdbe88334ca3430c5aee7754dc4597498dfb
https://git.kernel.org/stable/c/731ab1f9828800df871c5a7ab9ffe965317d3f15
https://git.kernel.org/stable/c/a585faf0591548fe0920641950ebfa8a6eefe1cd