| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091855-CVE-2023-53420-e1ce@gregkh> Date: Thu, 18 Sep 2025 18:04:11 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53420: ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632 Call Trace: ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 vfs_listxattr fs/xattr.c:457 [inline] listxattr+0x293/0x2d0 fs/xattr.c:804 Fix the logic of ea_all iteration. When the ea->name_len is 0, return immediately, or Add2Ptr() would visit invalid memory in the next loop. [almaz.alexandrovich@...agon-software.com: lines of the patch have changed] The Linux kernel CVE team has assigned CVE-2023-53420 to this issue. Affected and fixed versions =========================== Issue introduced in 5.15 with commit be71b5cba2e6485e8959da7a9f9a44461a1bb074 and fixed in 5.15.121 with commit f3380d895e28a32632eb3609f5bd515adee4e5a1 Issue introduced in 5.15 with commit be71b5cba2e6485e8959da7a9f9a44461a1bb074 and fixed in 6.1.39 with commit c86a2517df6c9304db8fb12b77136ec7a5d85994 Issue introduced in 5.15 with commit be71b5cba2e6485e8959da7a9f9a44461a1bb074 and fixed in 6.4.4 with commit 721b75ea2dfce53a8890dff92ae01afca8e74f88 Issue introduced in 5.15 with commit be71b5cba2e6485e8959da7a9f9a44461a1bb074 and fixed in 6.5 with commit 3c675ddffb17a8b1e32efad5c983254af18b12c2 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53420 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/ntfs3/xattr.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/f3380d895e28a32632eb3609f5bd515adee4e5a1 https://git.kernel.org/stable/c/c86a2517df6c9304db8fb12b77136ec7a5d85994 https://git.kernel.org/stable/c/721b75ea2dfce53a8890dff92ae01afca8e74f88 https://git.kernel.org/stable/c/3c675ddffb17a8b1e32efad5c983254af18b12c2
Powered by blists - more mailing lists