-

CVE-2026-53023

fs/ntfs3: terminate the cached volume label after UTF-8 conversion

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: terminate the cached volume label after UTF-8 conversion

ntfs_fill_super() loads the on-disk volume label with utf16s_to_utf8s()
and stores the result in sbi->volume.label. The converted label is later
exposed through ntfs3_label_show() using %s, but utf16s_to_utf8s() only
returns the number of bytes written and does not add a trailing NUL.

If the converted label fills the entire fixed buffer,
ntfs3_label_show() can read past the end of sbi->volume.label while
looking for a terminator.

Terminate the cached label explicitly after a successful conversion and
clamp the exact-full case to the last byte of the buffer.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 82cae269cfa953032fbb8980a7d554d60fb00b17
Version < 32b0686369e0afbb3549a0d93e2d8517da84cd30
Status affected
Version 82cae269cfa953032fbb8980a7d554d60fb00b17
Version < bc7a0c34c4ca259cfddf3bc18fc5b3c6411d26ed
Status affected
Version 82cae269cfa953032fbb8980a7d554d60fb00b17
Version < 0b11fcbe80a59acdf58337d80ebb5f72201d73d6
Status affected
Version 82cae269cfa953032fbb8980a7d554d60fb00b17
Version < 54d564b762389679e2f8fb9eeb20af7e82371e1c
Status affected
Version 82cae269cfa953032fbb8980a7d554d60fb00b17
Version < 6136bbb054f7ab9f51ae99915541633b18bcef90
Status affected
Version 82cae269cfa953032fbb8980a7d554d60fb00b17
Version < 5cd0707b81cb4589f00aec5c4c1288bd0980d2a4
Status affected
Version 82cae269cfa953032fbb8980a7d554d60fb00b17
Version < a6cd43fe9b083fa23fe1595666d5738856cb261a
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.15
Status affected
Version 0
Version < 5.15
Status unaffected
Version <= 5.15.*
Version 5.15.209
Status unaffected
Version <= 6.1.*
Version 6.1.175
Status unaffected
Version <= 6.6.*
Version 6.6.141
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.069
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/32b0686369e0afbb3549a0d93e2d8517da84cd30
https://git.kernel.org/stable/c/bc7a0c34c4ca259cfddf3bc18fc5b3c6411d26ed
https://git.kernel.org/stable/c/0b11fcbe80a59acdf58337d80ebb5f72201d73d6
https://git.kernel.org/stable/c/54d564b762389679e2f8fb9eeb20af7e82371e1c
https://git.kernel.org/stable/c/6136bbb054f7ab9f51ae99915541633b18bcef90
https://git.kernel.org/stable/c/5cd0707b81cb4589f00aec5c4c1288bd0980d2a4
https://git.kernel.org/stable/c/a6cd43fe9b083fa23fe1595666d5738856cb261a