CVE-2023-54077Missing Release of Memory after Effective Lifetime in Linux

7 documents6 sources
Severity
N/A
No vector
EPSS
0.0%
top 92.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfs_read_mft failed Label ATTR_ROOT in ntfs_read_mft() sets is_root = true and ni->ni_flags |= NI_FLAG_DIR, then next attr will goto label ATTR_ALLOC and alloc ni->dir.alloc_run. However two states are not always consistent and can make memory leak. 1) attr_name in ATTR_ROOT does not fit the condition it will set is_root = true but NI_FLAG_DIR is not set. 2) next attr_name in ATTR_ALLOC fits the

Affected Packages4 packages

Linuxlinux/linux_kernel5.15.05.15.111+3
Debianlinux/linux_kernel< 6.1.37-1+2
CVEListV5linux/linux82cae269cfa953032fbb8980a7d554d60fb00b173030f2b9b3329db3948c1a145a5493ca6f617d50+5
debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54077: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfs_read_mft failed Label ATTR_ROOT in ntfs_read_mft2025-12-24
GHSA
GHSA-gg3g-2q75-6v65: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfs_read_mft failed Label ATTR_ROOT in ntfs_read_m2025-12-24
OSV
fs/ntfs3: Fix memory leak if ntfs_read_mft failed2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: fs/ntfs3: Fix memory leak if ntfs_read_mft failed2025-12-24
Debian
CVE-2023-54077: linux - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: F...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54077 Impact, Exploitability, and Mitigation Steps | Wiz