-

CVE-2023-54063

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix OOB read in indx_insert_into_buffer

Syzbot reported a OOB read bug:

BUG: KASAN: slab-out-of-bounds in indx_insert_into_buffer+0xaa3/0x13b0
fs/ntfs3/index.c:1755
Read of size 17168 at addr ffff8880255e06c0 by task syz-executor308/3630

Call Trace:
 <TASK>
 memmove+0x25/0x60 mm/kasan/shadow.c:54
 indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755
 indx_insert_entry+0x446/0x6b0 fs/ntfs3/index.c:1863
 ntfs_create_inode+0x1d3f/0x35c0 fs/ntfs3/inode.c:1548
 ntfs_create+0x3e/0x60 fs/ntfs3/namei.c:100
 lookup_open fs/namei.c:3413 [inline]

If the member struct INDEX_BUFFER *index of struct indx_node is
incorrect, that is, the value of __le32 used is greater than the value
of __le32 total in struct INDEX_HDR. Therefore, OOB read occurs when
memmove is called in indx_insert_into_buffer().
Fix this by adding a check in hdr_find_e().
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < cd7e1d67924081717c5c96ead758a1a77867689a
Version 82cae269cfa953032fbb8980a7d554d60fb00b17
Status affected
Version < 17048287ac79abd33b275ac3b5738285d406481b
Version 82cae269cfa953032fbb8980a7d554d60fb00b17
Status affected
Version < a7e5dba10ba1402dd6c2f961a70320770865c4a5
Version 82cae269cfa953032fbb8980a7d554d60fb00b17
Status affected
Version < 4bf3b564e27a518f158a83d5e1a50064ed6136a0
Version 82cae269cfa953032fbb8980a7d554d60fb00b17
Status affected
Version < b8c44949044e5f7f864525fdffe8e95135ce9ce5
Version 82cae269cfa953032fbb8980a7d554d60fb00b17
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.15
Status affected
Version < 5.15
Version 0
Status unaffected
Version <= 5.15.*
Version 5.15.111
Status unaffected
Version <= 6.1.*
Version 6.1.28
Status unaffected
Version <= 6.2.*
Version 6.2.15
Status unaffected
Version <= 6.3.*
Version 6.3.2
Status unaffected
Version <= *
Version 6.4
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.065
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.