CVE-2023-52631

Summary

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix an NULL dereference bug

The issue here is when this is called from ntfs_load_attr_list(). The "size" comes from le32_to_cpu(attr->res.data_size) so it can't overflow on a 64bit systems but on 32bit systems the "+ 1023" can overflow and the result is zero. This means that the kmalloc will succeed by returning the ZERO_SIZE_PTR and then the memcpy() will crash with an Oops on the next line.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbe71b5cba2e6485e8959da7a9f9a44461a1bb074 < ae4acad41b0f93f1c26cc0fc9135bb79d8282d0baffected
LinuxLinuxbe71b5cba2e6485e8959da7a9f9a44461a1bb074 < ec1bedd797588fe38fc11cba26d77bb1d9b194c6affected
LinuxLinuxbe71b5cba2e6485e8959da7a9f9a44461a1bb074 < fb7bcd1722bc9bc55160378f5f99c01198fd14a7affected
LinuxLinuxbe71b5cba2e6485e8959da7a9f9a44461a1bb074 < 686820fe141ea0220fc6fdfc7e5694f915cf64b2affected
LinuxLinuxbe71b5cba2e6485e8959da7a9f9a44461a1bb074 < b2dd7b953c25ffd5912dda17e980e7168bebcf6caffected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.149 <= 5.15.*unaffected
LinuxLinux6.1.78 <= 6.1.*unaffected
LinuxLinux6.6.17 <= 6.6.*unaffected
LinuxLinux6.7.5 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References