CVE-2023-53486

Source
https://cve.org/CVERecord?id=CVE-2023-53486
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53486.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53486
Published
2025-10-01T11:42:54.028Z
Modified
2026-02-24T07:34:39.151470Z
Summary
fs/ntfs3: Enhance the attribute size check
Details

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Enhance the attribute size check

This combines the overflow and boundary check so that all attribute sizes will be properly examined while enumerating them.

[ 169.181521] BUG: KASAN: slab-out-of-bounds in rununpack+0x2e3/0x570
[ 169.183161] Read of size 1 at addr ffff8880094b6240 by task mount/247
[ 169.184046]
[ 169.184925] CPU: 0 PID: 247 Comm: mount Not tainted 6.0.0-rc7+ #3
[ 169.185908] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 169.187066] Call Trace:
[ 169.187492] <TASK>
[ 169.188049] dumpstacklvl+0x49/0x63
[ 169.188495] printreport.cold+0xf5/0x689
[ 169.188964] ? rununpack+0x2e3/0x570
[ 169.189331] kasanreport+0xa7/0x130
[ 169.189714] ? rununpack+0x2e3/0x570
[ 169.190079] _asanload1+0x51/0x60
[ 169.190634] rununpack+0x2e3/0x570
[ 169.191290] ? runpack+0x840/0x840
[ 169.191569] ? runlookupentry+0xb3/0x1f0
[ 169.192443] ? mienumattr+0x20a/0x230
[ 169.192886] rununpackex+0xad/0x3e0
[ 169.193276] ? rununpack+0x570/0x570
[ 169.193557] ? niloadmi+0x80/0x80
[ 169.193889] ? debugsmpprocessorid+0x17/0x20
[ 169.194236] ? miinit+0x4a/0x70
[ 169.194496] attrloadrunsvcn+0x166/0x1c0
[ 169.194851] ? attrdatawriteresident+0x250/0x250
[ 169.195188] miread+0x133/0x2c0
[ 169.195481] ntfsiget5+0x277/0x1780
[ 169.196017] ? callrcu+0x1c7/0x330
[ 169.196392] ? ntfsgetblockbmap+0x70/0x70
[ 169.196708] ? evict+0x223/0x280
[ 169.197014] ? _kmalloc+0x33/0x540
[ 169.197305] ? wndinit+0x15b/0x1b0
[ 169.197599] ntfsfillsuper+0x1026/0x1ba0
[ 169.197994] ? putntfs+0x1d0/0x1d0
[ 169.198299] ? vsprintf+0x20/0x20
[ 169.198583] ? mutexunlock+0x81/0xd0
[ 169.198930] ? setblocksize+0x95/0x150
[ 169.199269] gettreebdev+0x232/0x370
[ 169.199750] ? putntfs+0x1d0/0x1d0
[ 169.200094] ntfsfsgettree+0x15/0x20
[ 169.200431] vfsgettree+0x4c/0x130
[ 169.200714] pathmount+0x654/0xfe0
[ 169.201067] ? putname+0x80/0xa0
[ 169.201358] ? finishautomount+0x2e0/0x2e0
[ 169.201965] ? putname+0x80/0xa0
[ 169.202445] ? kmemcachefree+0x1c4/0x440
[ 169.203075] ? putname+0x80/0xa0
[ 169.203414] domount+0xd6/0xf0
[ 169.203719] ? pathmount+0xfe0/0xfe0
[ 169.203977] ? _kasancheckwrite+0x14/0x20
[ 169.204382] _x64sysmount+0xca/0x110
[ 169.204711] dosyscall64+0x3b/0x90
[ 169.205059] entrySYSCALL64afterhwframe+0x63/0xcd
[ 169.205571] RIP: 0033:0x7f67a80e948a
[ 169.206327] Code: 48 8b 0d 11 fa 2a 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 008
[ 169.208296] RSP: 002b:00007ffddf020f58 EFLAGS: 00000202 ORIGRAX: 00000000000000a5
[ 169.209253] RAX: ffffffffffffffda RBX: 000055e2547a6060 RCX: 00007f67a80e948a
[ 169.209777] RDX: 000055e2547a6260 RSI: 000055e2547a62e0 RDI: 000055e2547aeaf0
[ 169.210342] RBP: 0000000000000000 R08: 000055e2547a6280 R09: 0000000000000020
[ 169.210843] R10: 00000000c0ed0000 R11: 0000000000000202 R12: 000055e2547aeaf0
[ 169.211307] R13: 000055e2547a6260 R14: 0000000000000000 R15: 00000000ffffffff
[ 169.211913] </TASK>
[ 169.212304]
[ 169.212680] Allocated by task 0:
[ 169.212963] (stack is not available)
[ 169.213200]
[ 169.213472] The buggy address belongs to the object at ffff8880094b5e00
[ 169.213472] which belongs to the cache UDP of size 1152
[ 169.214095] The buggy address is located 1088 bytes inside of
[ 169.214095] 1152-byte region [ffff8880094b5e00, ffff8880094b6280)
[ 169.214639]
[ 169.215004] The buggy address belongs to the physical page:
[ 169.215766] page:000000002e324c8c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x94b4
[ 169.218412] head:000000002e324c8c order:2 compoundmapcount:0 compoundpincount:0
[ 169.219078] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff)
[ 169.220272] raw: 000fffffc0010200 ---truncated---

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53486.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4534a70b7056fd4b9a1c6db5a4ce3c98546b291e
Fixed
1fd5b80c9339503f3eaa4db3051b37ac506beeab
Fixed
277439e7cabd9d4c6334b39a4b99d49b4c97265b
Fixed
f28d9e02c2c242e8f9af9e13ba263fcc0211be49
Fixed
4f082a7531223a438c757bb20e304f4c941c67a8

Affected versions

v5.*
v5.14
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.100
v5.15.101
v5.15.102
v5.15.103
v5.15.104
v5.15.105
v5.15.106
v5.15.107
v5.15.108
v5.15.109
v5.15.11
v5.15.110
v5.15.111
v5.15.112
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.80
v5.15.81
v5.15.82
v5.15.83
v5.15.84
v5.15.85
v5.15.86
v5.15.87
v5.15.88
v5.15.89
v5.15.9
v5.15.90
v5.15.91
v5.15.92
v5.15.93
v5.15.94
v5.15.95
v5.15.96
v5.15.97
v5.15.98
v5.15.99
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.3.1
v6.3.2
v6.3.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53486.json"
vanir_signatures
[
    {
        "id": "CVE-2023-53486-3df4dfd8",
        "digest": {
            "length": 1755.0,
            "function_hash": "74074321258443807963597045744770797740"
        },
        "signature_type": "Function",
        "target": {
            "file": "fs/ntfs3/record.c",
            "function": "mi_enum_attr"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1fd5b80c9339503f3eaa4db3051b37ac506beeab",
        "deprecated": false
    },
    {
        "id": "CVE-2023-53486-43b70222",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "45930876182301543259267395953638298999",
                "97213208781875975857117240052813248092",
                "257525388712414431233557107346538116442",
                "263317793436770018611246382316548640527",
                "168953667026732418714807328662380549537",
                "15679720276182520376945410714292412997",
                "313102663343080651543978370091840457362",
                "13706635710734535129953885403858202800",
                "117142533129560525625207529043561358796",
                "328199405193103595676752051505009488826"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "fs/ntfs3/record.c"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@277439e7cabd9d4c6334b39a4b99d49b4c97265b",
        "deprecated": false
    },
    {
        "id": "CVE-2023-53486-454bf60e",
        "digest": {
            "length": 1749.0,
            "function_hash": "34655699807815500021654843340973470505"
        },
        "signature_type": "Function",
        "target": {
            "file": "fs/ntfs3/record.c",
            "function": "mi_enum_attr"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4f082a7531223a438c757bb20e304f4c941c67a8",
        "deprecated": false
    },
    {
        "id": "CVE-2023-53486-6db09ba2",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "45930876182301543259267395953638298999",
                "97213208781875975857117240052813248092",
                "257525388712414431233557107346538116442",
                "263317793436770018611246382316548640527",
                "168953667026732418714807328662380549537",
                "15679720276182520376945410714292412997",
                "313102663343080651543978370091840457362",
                "13706635710734535129953885403858202800",
                "117142533129560525625207529043561358796",
                "328199405193103595676752051505009488826"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "fs/ntfs3/record.c"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4f082a7531223a438c757bb20e304f4c941c67a8",
        "deprecated": false
    },
    {
        "id": "CVE-2023-53486-7ca690b9",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "45930876182301543259267395953638298999",
                "97213208781875975857117240052813248092",
                "257525388712414431233557107346538116442",
                "263317793436770018611246382316548640527",
                "168953667026732418714807328662380549537",
                "15679720276182520376945410714292412997",
                "313102663343080651543978370091840457362",
                "13706635710734535129953885403858202800",
                "117142533129560525625207529043561358796",
                "328199405193103595676752051505009488826"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "fs/ntfs3/record.c"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1fd5b80c9339503f3eaa4db3051b37ac506beeab",
        "deprecated": false
    },
    {
        "id": "CVE-2023-53486-ec3d0985",
        "digest": {
            "length": 1755.0,
            "function_hash": "74074321258443807963597045744770797740"
        },
        "signature_type": "Function",
        "target": {
            "file": "fs/ntfs3/record.c",
            "function": "mi_enum_attr"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@277439e7cabd9d4c6334b39a4b99d49b4c97265b",
        "deprecated": false
    }
]

Git / github.com/gregkh/linux

Affected versions

v5.*
v5.15
v5.15.1
v5.15.10
v5.15.100
v5.15.101
v5.15.102
v5.15.103
v5.15.104
v5.15.105
v5.15.106
v5.15.107
v5.15.108
v5.15.109
v5.15.11
v5.15.110
v5.15.111
v5.15.112
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.80
v5.15.81
v5.15.82
v5.15.83
v5.15.84
v5.15.85
v5.15.86
v5.15.87
v5.15.88
v5.15.89
v5.15.9
v5.15.90
v5.15.91
v5.15.92
v5.15.93
v5.15.94
v5.15.95
v5.15.96
v5.15.97
v5.15.98
v5.15.99
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.3.1
v6.3.2
v6.3.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53486.json"