DEBIAN-CVE-2023-54063

Source
https://security-tracker.debian.org/tracker/CVE-2023-54063
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54063.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-54063
Upstream
Published
2025-12-24T13:16:08.117Z
Modified
2025-12-25T11:14:27.903259Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix OOB read in indx_insert_into_buffer

Syzbot reported an OOB read bug:

BUG: KASAN: slab-out-of-bounds in indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755
Read of size 17168 at addr ffff8880255e06c0 by task syz-executor308/3630

Call Trace:
 <TASK>
 memmove+0x25/0x60 mm/kasan/shadow.c:54
 indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755
 indx_insert_entry+0x446/0x6b0 fs/ntfs3/index.c:1863
 ntfs_create_inode+0x1d3f/0x35c0 fs/ntfs3/inode.c:1548
 ntfs_create+0x3e/0x60 fs/ntfs3/namei.c:100
 lookup_open fs/namei.c:3413 [inline]

If the member struct INDEX_BUFFER *index of struct indx_node is incorrect, that is, the value of __le32 used is greater than the value of __le32 total in struct INDEX_HDR. Therefore, OOB read occurs when memmove is called in indx_insert_into_buffer().

Fix this by adding a check in hdr_find_e().
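The class of check described above, as an added user-space example (not the kernel's code and not part of this record): an index header read from untrusted storage is rejected when its used field exceeds its total field, before the insert path computes a memmove length from it. The struct idx_hdr layout and the names idx_hdr_sane and idx_insert are hypothetical, and fields are host-endian for simplicity.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified index header: only the two fields named in the
 * description (used, total) plus the offset of the first entry. */
struct idx_hdr {
    uint32_t de_off;  /* offset of the first entry, relative to the header */
    uint32_t used;    /* bytes in use, relative to the header */
    uint32_t total;   /* bytes allocated, relative to the header */
};

/* Returns 1 if the size fields are consistent with each other and with the
 * avail bytes of memory that actually back the header, 0 otherwise. */
int idx_hdr_sane(const struct idx_hdr *h, size_t avail)
{
    if (h->total > avail)        /* claims more space than the buffer has */
        return 0;
    if (h->used > h->total)      /* the inconsistent state from the report */
        return 0;
    if (h->de_off < sizeof(*h) || h->de_off > h->used)
        return 0;
    return 1;
}

/* Opens a gap of len bytes at offset at and copies the new entry into it.
 * Returns 0 on success, -1 if any size or offset would leave the buffer. */
int idx_insert(uint8_t *buf, size_t avail, uint32_t at,
               const void *entry, uint32_t len)
{
    struct idx_hdr h;

    if (avail < sizeof(h))
        return -1;
    memcpy(&h, buf, sizeof(h));
    if (!idx_hdr_sane(&h, avail))
        return -1;               /* without this, used - at is unbounded */
    if (at < h.de_off || at > h.used)
        return -1;
    if (len > h.total - h.used)  /* no room left for the new entry */
        return -1;
    memmove(buf + at + len, buf + at, h.used - at);
    memcpy(buf + at, entry, len);
    h.used += len;
    memcpy(buf, &h, sizeof(h));
    return 0;
}
```
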

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.37-1

Affected versions

6.*
6.1.27-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54063.json"

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54063.json"

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54063.json"