CVE-2023-53420

In the Linux kernel, the following vulnerability has been resolved:

ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()

Here is a BUG report from syzbot:

BUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline]
BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710
Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632

Call Trace:
 ntfs_list_ea fs/ntfs3/xattr.c:191 [inline]
 ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710
 vfs_listxattr fs/xattr.c:457 [inline]
 listxattr+0x293/0x2d0 fs/xattr.c:804

Fix the logic of ea_all iteration. When the ea->name_len is 0,
return immediately, or Add2Ptr() would visit invalid memory
in the next loop.

[almaz.alexandrovich@paragon-software.com: lines of the patch have changed]
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.237-1
fixed
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
forky
6.16.7-1
fixed
sid
6.16.7-1
fixed
References
https://git.kernel.org/stable/c/3c675ddffb17a8b1e32efad5c983254af18b12c2
https://git.kernel.org/stable/c/721b75ea2dfce53a8890dff92ae01afca8e74f88
https://git.kernel.org/stable/c/c86a2517df6c9304db8fb12b77136ec7a5d85994
https://git.kernel.org/stable/c/f3380d895e28a32632eb3609f5bd515adee4e5a1