CVE-2023-53420
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-18

Last updated on: 2025-12-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632 Call Trace: ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 vfs_listxattr fs/xattr.c:457 [inline] listxattr+0x293/0x2d0 fs/xattr.c:804 Fix the logic of ea_all iteration. When the ea->name_len is 0, return immediately, or Add2Ptr() would visit invalid memory in the next loop. [[email protected]: lines of the patch have changed]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-18
Last Modified
2025-12-11
Generated
2026-06-16
AI Q&A
2025-09-18
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53420
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15 (inc) to 5.15.121 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.39 (exc)
linux linux_kernel From 6.2 (inc) to 6.4.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a bug in the Linux kernel's NTFS file system code, specifically in the ntfs_listxattr() function. It causes a slab-out-of-bounds memory access (reading beyond allocated memory) due to incorrect handling of extended attribute iteration when the attribute name length is zero. This can lead to a kernel panic (system crash). The fix involves correcting the logic to immediately return when an attribute name length is zero to prevent invalid memory access.

Impact Analysis

This vulnerability can cause the Linux kernel to panic and crash when accessing NTFS file system extended attributes, potentially leading to system instability or denial of service. It may affect systems that mount or interact with NTFS file systems, causing unexpected reboots or downtime.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53420. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart