CVE-2023-52631
fs/ntfs3: Fix an NULL dereference bug
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called from ntfs_load_attr_list(). The
"size" comes from le32_to_cpu(attr->res.data_size) so it can't overflow
on a 64bit systems but on 32bit systems the "+ 1023" can overflow and
the result is zero. This means that the kmalloc will succeed by
returning the ZERO_SIZE_PTR and then the memcpy() will crash with an
Oops on the next line.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: fs/ntfs3: corrige un error de desreferencia NULL El problema aquí es cuando se llama desde ntfs_load_attr_list(). El "tamaño" proviene de le32_to_cpu(attr->res.data_size), por lo que no puede desbordarse en sistemas de 64 bits, pero en sistemas de 32 bits el "+ 1023" puede desbordarse y el resultado es cero. Esto significa que kmalloc tendrá éxito al devolver ZERO_SIZE_PTR y luego memcpy() fallará con un Ups en la siguiente línea.
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called from ntfs_load_attr_list(). The "size" comes from le32_to_cpu(attr->res.data_size) so it can't overflow on a 64bit systems but on 32bit systems the "+ 1023" can overflow and the result is zero. This means that the kmalloc will succeed by returning the ZERO_SIZE_PTR and then the memcpy() will crash with an Oops on the next line.
It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-06 CVE Reserved
- 2024-04-02 CVE Published
- 2024-12-19 CVE Updated
- 2025-04-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/be71b5cba2e6485e8959da7a9f9a44461a1bb074 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.149" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 6.1.78 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.1.78" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 6.6.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.6.17" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 6.7.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.7.5" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.8" | en |
Affected
| ||||||