CVE-2023-52631
fs/ntfs3: Fix an NULL dereference bug
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called from ntfs_load_attr_list(). The
"size" comes from le32_to_cpu(attr->res.data_size) so it can't overflow
on a 64bit systems but on 32bit systems the "+ 1023" can overflow and
the result is zero. This means that the kmalloc will succeed by
returning the ZERO_SIZE_PTR and then the memcpy() will crash with an
Oops on the next line.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: fs/ntfs3: corrige un error de desreferencia NULL El problema aquí es cuando se llama desde ntfs_load_attr_list(). El "tamaño" proviene de le32_to_cpu(attr->res.data_size), por lo que no puede desbordarse en sistemas de 64 bits, pero en sistemas de 32 bits el "+ 1023" puede desbordarse y el resultado es cero. Esto significa que kmalloc tendrá éxito al devolver ZERO_SIZE_PTR y luego memcpy() fallará con un Ups en la siguiente línea.
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called from ntfs_load_attr_list(). The "size" comes from le32_to_cpu(attr->res.data_size) so it can't overflow on a 64bit systems but on 32bit systems the "+ 1023" can overflow and the result is zero. This means that the kmalloc will succeed by returning the ZERO_SIZE_PTR and then the memcpy() will crash with an Oops on the next line.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-06 CVE Reserved
- 2024-04-02 CVE Published
- 2024-04-02 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/be71b5cba2e6485e8959da7a9f9a44461a1bb074 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.149" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 6.1.78 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.1.78" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 6.6.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.6.17" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 6.7.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.7.5" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.8" | en |
Affected
| ||||||