CVE-2026-53023

Source
https://cve.org/CVERecord?id=CVE-2026-53023
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53023.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53023
Downstream
Published
2026-06-24T16:29:32.440Z
Modified
2026-07-08T08:13:44.085965442Z
Summary
fs/ntfs3: terminate the cached volume label after UTF-8 conversion
Details

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: terminate the cached volume label after UTF-8 conversion

ntfsfillsuper() loads the on-disk volume label with utf16stoutf8s() and stores the result in sbi->volume.label. The converted label is later exposed through ntfs3labelshow() using %s, but utf16stoutf8s() only returns the number of bytes written and does not add a trailing NUL.

If the converted label fills the entire fixed buffer, ntfs3labelshow() can read past the end of sbi->volume.label while looking for a terminator.

Terminate the cached label explicitly after a successful conversion and clamp the exact-full case to the last byte of the buffer.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53023.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
82cae269cfa953032fbb8980a7d554d60fb00b17
Fixed
32b0686369e0afbb3549a0d93e2d8517da84cd30
Fixed
bc7a0c34c4ca259cfddf3bc18fc5b3c6411d26ed
Fixed
0b11fcbe80a59acdf58337d80ebb5f72201d73d6
Fixed
54d564b762389679e2f8fb9eeb20af7e82371e1c
Fixed
6136bbb054f7ab9f51ae99915541633b18bcef90
Fixed
5cd0707b81cb4589f00aec5c4c1288bd0980d2a4
Fixed
a6cd43fe9b083fa23fe1595666d5738856cb261a

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53023.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53023.json"