CVE-2023-53420
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-53420
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53420.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-53420
- Downstream
- Published
- 2025-09-18T16:15:45Z
- Modified
- 2025-09-19T16:00:27Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()
Here is a BUG report from syzbot:
BUG: KASAN: slab-out-of-bounds in ntfslistea fs/ntfs3/xattr.c:191 [inline] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632
Call Trace: ntfslistea fs/ntfs3/xattr.c:191 [inline] ntfslistxattr+0x401/0x570 fs/ntfs3/xattr.c:710 vfslistxattr fs/xattr.c:457 [inline] listxattr+0x293/0x2d0 fs/xattr.c:804
Fix the logic of eaall iteration. When the ea->namelen is 0, return immediately, or Add2Ptr() would visit invalid memory in the next loop.
[almaz.alexandrovich@paragon-software.com: lines of the patch have changed]
- References