CVE-2023-53420

EPSS 0.02%
Veröffentlicht 18.09.2025 16:15:45
Zuletzt bearbeitet 19.09.2025 16:00:27
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()

Here is a BUG report from syzbot:

BUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline]
BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710
Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632

Call Trace:
 ntfs_list_ea fs/ntfs3/xattr.c:191 [inline]
 ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710
 vfs_listxattr fs/xattr.c:457 [inline]
 listxattr+0x293/0x2d0 fs/xattr.c:804

Fix the logic of ea_all iteration. When the ea->name_len is 0,
return immediately, or Add2Ptr() would visit invalid memory
in the next loop.

[almaz.alexandrovich@paragon-software.com: lines of the patch have changed]

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < f3380d895e28a32632eb3609f5bd515adee4e5a1

Version be71b5cba2e6485e8959da7a9f9a44461a1bb074

Status affected

Version < c86a2517df6c9304db8fb12b77136ec7a5d85994

Version be71b5cba2e6485e8959da7a9f9a44461a1bb074

Status affected

Version < 721b75ea2dfce53a8890dff92ae01afca8e74f88

Version be71b5cba2e6485e8959da7a9f9a44461a1bb074

Status affected

Version < 3c675ddffb17a8b1e32efad5c983254af18b12c2

Version be71b5cba2e6485e8959da7a9f9a44461a1bb074

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.121

Status unaffected

Version <= 6.1.*

Version 6.1.39

Status unaffected

Version <= 6.4.*

Version 6.4.4

Status unaffected

Version <= *

Version 6.5

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.046

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/3c675ddffb17a8b1e32efad5c983254af18b12c2

https://git.kernel.org/stable/c/721b75ea2dfce53a8890dff92ae01afca8e74f88

https://git.kernel.org/stable/c/c86a2517df6c9304db8fb12b77136ec7a5d85994

https://git.kernel.org/stable/c/f3380d895e28a32632eb3609f5bd515adee4e5a1

https://nvd.nist.gov/vuln/detail/CVE-2023-53420

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53420

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53420

EUVD