CVE-2023-52640

EPSS 0.03%
Veröffentlicht 03.04.2024 17:15:47
Zuletzt bearbeitet 27.02.2025 21:59:09
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix oob in ntfs_listxattr

The length of name cannot exceed the space occupied by ea.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.15.150

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.80

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.19

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.7

Linux ≫ Linux Kernel Version6.8 Updaterc1

Linux ≫ Linux Kernel Version6.8 Updaterc2

Linux ≫ Linux Kernel Version6.8 Updaterc3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.068

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/0830c5cf19bdec50d0ede4755ddc463663deb21c

Patch

https://git.kernel.org/stable/c/52fff5799e3d1b5803ecd2f5f19c13c65f4f7b23

Patch

https://git.kernel.org/stable/c/6ed6cdbe88334ca3430c5aee7754dc4597498dfb

Patch

https://git.kernel.org/stable/c/731ab1f9828800df871c5a7ab9ffe965317d3f15

Patch

https://git.kernel.org/stable/c/a585faf0591548fe0920641950ebfa8a6eefe1cd

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-52640

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52640

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52640

EUVD