CVE-2023-5368

EUVD-2023-57684
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.

This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
freebsdfreebsd
𝑥
< 12.4
freebsdfreebsd
13.0 ≤
𝑥
< 13.2
freebsdfreebsd
12.4
freebsdfreebsd
12.4:p1
freebsdfreebsd
12.4:p2
freebsdfreebsd
12.4:p3
freebsdfreebsd
12.4:p4
freebsdfreebsd
12.4:p5
freebsdfreebsd
13.2
freebsdfreebsd
13.2:p1
freebsdfreebsd
13.2:p2
freebsdfreebsd
13.2:p3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc
https://security.netapp.com/advisory/ntap-20231124-0004/
https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc
https://security.netapp.com/advisory/ntap-20231124-0004/