CVE-2023-53420
EUVD-2025-2988418.09.2025, 16:15
In the Linux kernel, the following vulnerability has been resolved: ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632 Call Trace: ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 vfs_listxattr fs/xattr.c:457 [inline] listxattr+0x293/0x2d0 fs/xattr.c:804 Fix the logic of ea_all iteration. When the ea->name_len is 0, return immediately, or Add2Ptr() would visit invalid memory in the next loop. [almaz.alexandrovich@paragon-software.com: lines of the patch have changed]Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 5.15 ≤ 𝑥 < 5.15.121 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.1.39 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.4.4 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| kernel-64kb |
| ||||||||||||
| kernel-azure |
| ||||||||||||
| kernel-default |
| ||||||||||||
| kernel-default-base |
| ||||||||||||
| kernel-obs-build |
| ||||||||||||
| kernel-source |
| ||||||||||||
| kernel-source-azure |
| ||||||||||||
| kernel-zfcpdump |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| bpftool |
| ||
| bpftool-debuginfo |
| ||
| kernel |
| ||
| kernel-debuginfo |
| ||
| kernel-debuginfo-common-aarch64 |
| ||
| kernel-debuginfo-common-x86_64 |
| ||
| kernel-devel |
| ||
| kernel-headers |
| ||
| kernel-libbpf |
| ||
| kernel-libbpf-devel |
| ||
| kernel-libbpf-static |
| ||
| kernel-livepatch-6.1.41-63.109 |
| ||
| kernel-tools |
| ||
| kernel-tools-debuginfo |
| ||
| kernel-tools-devel |
| ||
| perf |
| ||
| perf-debuginfo |
| ||
| python3-perf |
| ||
| python3-perf-debuginfo |
|
Common Weakness Enumeration