DEBIAN-CVE-2023-53420
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-53420
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53420.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-53420
- Upstream
- Published
- 2025-09-18T16:15:45Z
- Modified
- 2025-09-30T05:19:00.600939Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: ntfs: Fix panic about slab-out-of-bounds caused by ntfslistxattr() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in ntfslistea fs/ntfs3/xattr.c:191 [inline] BUG: KASAN: slab-out-of-bounds in ntfslistxattr+0x401/0x570 fs/ntfs3/xattr.c:710 Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632 Call Trace: ntfslistea fs/ntfs3/xattr.c:191 [inline] ntfslistxattr+0x401/0x570 fs/ntfs3/xattr.c:710 vfslistxattr fs/xattr.c:457 [inline] listxattr+0x293/0x2d0 fs/xattr.c:804 Fix the logic of eaall iteration. When the ea->namelen is 0, return immediately, or Add2Ptr() would visit invalid memory in the next loop. [almaz.alexandrovich@paragon-software.com: lines of the patch have changed]
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.52-1
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source