CVE-2023-53486Out-of-bounds Read in Linux

CWE-125Out-of-bounds Read5 documents5 sources
Severity
7.1HIGHNVD
EPSS
0.0%
top 96.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 1

Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Enhance the attribute size check This combines the overflow and boundary check so that all attribute size will be properly examined while enumerating them. [ 169.181521] BUG: KASAN: slab-out-of-bounds in run_unpack+0x2e3/0x570 [ 169.183161] Read of size 1 at addr ffff8880094b6240 by task mount/247 [ 169.184046] [ 169.184925] CPU: 0 PID: 247 Comm: mount Not tainted 6.0.0-rc7+ #3 [ 169.185908] Hardware name: QEMU Stan

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

NVDlinux/linux_kernel5.155.15.113+2
Debianlinux/linux_kernel< 6.1.82-1+2
CVEListV5linux/linux4534a70b7056fd4b9a1c6db5a4ce3c98546b291e1fd5b80c9339503f3eaa4db3051b37ac506beeab+4
debiandebian/linux< linux 6.1.82-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-638r-2hm7-3wj9: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Enhance the attribute size check This combines the overflow and bounda2025-10-01
OSV
CVE-2023-53486: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Enhance the attribute size check This combines the overflow and boundary2025-10-01

📋Vendor Advisories

2
Red Hat
kernel: fs/ntfs3: Enhance the attribute size check2025-10-01
Debian
CVE-2023-53486: linux - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: E...2023