CVE-2023-54125 Linux vulnerability

7 documents, 6 sources
Severity: N/A (No vector)
EPSS: 0.0% (top 92.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Return error for inconsistent extended attributes

ntfs_read_ea is called when we want to read extended attributes. There are some sanity checks for the validity of the EAs. However, it fails to return a proper error code for the inconsistent attributes, which might lead to unpredicted memory accesses after return.

[ 138.916927] BUG: KASAN: use-after-free in ntfs_set_ea+0x453/0xbf0
[ 138.923876] Write of size 4 at ad

Affected Packages (4 packages)

Linux | linux/linux_kernel | 6.2.0 | 6.4.12
Debian | linux/linux_kernel | < 6.4.13-1 | +1
CVEListV5 | linux/linux | 0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b | 1474098b590a426d90f27bb992f17c326e0b60c1 | +4
debian | debian/linux | < linux 6.4.13-1 (forky)

🔴 Vulnerability Details (3)

OSV | fs/ntfs3: Return error for inconsistent extended attributes | 2025-12-24
OSV | CVE-2023-54125: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Return error for inconsistent extended attributes ntfs_read_ea is called | 2025-12-24
GHSA | GHSA-7223-2xhw-36wm: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Return error for inconsistent extended attributes ntfs_read_ea is call | 2025-12-24

📋 Vendor Advisories (2)

Red Hat | kernel: fs/ntfs3: Return error for inconsistent extended attributes | 2025-12-24
Debian | CVE-2023-54125: linux - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: R... | 2023

🕵️ Threat Intelligence (1)

Wiz | CVE-2023-54125 Impact, Exploitability, and Mitigation Steps | Wiz