DEBIAN-CVE-2023-53988
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-53988
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53988.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-53988
- Upstream
- Published
- 2025-12-24T11:15:51.697Z
- Modified
- 2025-12-25T11:14:42.561512Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in hdrdeletede() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in hdrdeletede+0xe0/0x150 fs/ntfs3/index.c:806 Read of size 16842960 at addr ffff888079cc0600 by task syz-executor934/3631 Call Trace: memmove+0x25/0x60 mm/kasan/shadow.c:54 hdrdeletede+0xe0/0x150 fs/ntfs3/index.c:806 indxdeleteentry+0x74f/0x3670 fs/ntfs3/index.c:2193 niremovename+0x27a/0x980 fs/ntfs3/frecord.c:2910 ntfsunlinkinode+0x3d4/0x720 fs/ntfs3/inode.c:1712 ntfsrename+0x41a/0xcb0 fs/ntfs3/namei.c:276 Before using the meta-data in struct INDEXHDR, we need to check index header valid or not. Otherwise, the corruptedi (or malicious) fs image can cause out-of-bounds access which could make kernel panic.
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source