In the Linux kernel, the following vulnerability has been resolved:
ovl: fix null pointer dereference in ovl_permission()
Following process (P1 and P2 run concurrently): P1: path_lookupat → link_path_walk → inode_permission → ovl_permission → ovl_i_path_real(inode, &realpath) → path->dentry = ovl_i_dentry_upper(inode). P2: drop_cache → dentry_kill(ovl_dentry) → iput(ovl_inode) → ovl_destroy_inode(ovl_inode) → dput(oi->__upperdentry) → dentry_kill(upper_dentry) → dentry_unlink_inode → upper_dentry->d_inode = NULL. P1 (continued): realinode = d_inode(realpath.dentry) // returns NULL → inode_permission(realinode) → inode->i_sb // NULL pointer dereference. This triggers a NULL pointer dereference on realinode: [ 335.664979] BUG: kernel NULL pointer dereference, address: 0000000000000002 [ 335.668032] CPU: 0 PID: 2592 Comm: ls Not tainted 6.3.0 [ 335.669956] RIP: 0010:inode_permission+0x33/0x2c0 [ 335.678939] Call Trace: [ 335.679165] <TASK> [ 335.679371] ovl_permission+0xde/0x320 [ 335.679723] inode_permission+0x15e/0x2c0 [ 335.680090] link_path_walk+0x115/0x550 [ 335.680771] path_lookupat.isra.0+0xb2/0x200 [ 335.681170] filename_lookup+0xda/0x240 [ 335.681922] vfs_statx+0xa6/0x1f0 [ 335.682233] vfs_fstatat+0x7b/0xb0
A reproducer can be fetched from [Link].
Use the helper ovl_i_path_realinode() to get realinode, and check that it is non-NULL before using it.
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@53dd2ca2c02fdcfe3aad2345091d371063f97d17",
"target": {
"function": "ovl_permission",
"file": "fs/overlayfs/inode.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-53260-4dc4f302",
"digest": {
"function_hash": "148123440981662978004032463776134875285",
"length": 640.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@53dd2ca2c02fdcfe3aad2345091d371063f97d17",
"target": {
"file": "fs/overlayfs/inode.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-53260-70e0d30c",
"digest": {
"line_hashes": [
"170043098391656221847578075928577019098",
"32975670672430431655816707614054643363",
"78444291089231329588542113883064379652",
"276338156773259342743887566345097669685",
"59135680421780167585339442913115207874",
"48566610639837235965534568640102860177",
"300101434056908191329195357824899477136",
"147114574339013249201481558319871741545",
"179810709283614535465416365844180245681"
],
"threshold": 0.9
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@69f9ae7edf9ec0ff500429101923347fcba5c8c4",
"target": {
"file": "fs/overlayfs/inode.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-53260-9c91136c",
"digest": {
"line_hashes": [
"170043098391656221847578075928577019098",
"32975670672430431655816707614054643363",
"78444291089231329588542113883064379652",
"276338156773259342743887566345097669685",
"59135680421780167585339442913115207874",
"195472053211201335602119625530219076278",
"300101434056908191329195357824899477136",
"147114574339013249201481558319871741545",
"179810709283614535465416365844180245681"
],
"threshold": 0.9
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@69f9ae7edf9ec0ff500429101923347fcba5c8c4",
"target": {
"function": "ovl_permission",
"file": "fs/overlayfs/inode.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-53260-9ef3177a",
"digest": {
"function_hash": "292378772158518079693812449969723586094",
"length": 641.0
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a73f5b8f079fd42a544c1600beface50c63af7c",
"target": {
"file": "fs/overlayfs/inode.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-53260-d38df870",
"digest": {
"line_hashes": [
"170043098391656221847578075928577019098",
"32975670672430431655816707614054643363",
"78444291089231329588542113883064379652",
"276338156773259342743887566345097669685",
"59135680421780167585339442913115207874",
"195472053211201335602119625530219076278",
"300101434056908191329195357824899477136",
"147114574339013249201481558319871741545",
"179810709283614535465416365844180245681"
],
"threshold": 0.9
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a73f5b8f079fd42a544c1600beface50c63af7c",
"target": {
"function": "ovl_permission",
"file": "fs/overlayfs/inode.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-53260-e8e87681",
"digest": {
"function_hash": "292378772158518079693812449969723586094",
"length": 641.0
}
}
]