CVE-2023-53420
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-12-11
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15 (inc) to 5.15.121 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.39 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.4.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a bug in the Linux kernel's NTFS file system code, specifically in the ntfs_listxattr() function. It causes a slab-out-of-bounds memory access (reading beyond allocated memory) due to incorrect handling of extended attribute iteration when the attribute name length is zero. This can lead to a kernel panic (system crash). The fix involves correcting the logic to immediately return when an attribute name length is zero to prevent invalid memory access.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to panic and crash when accessing NTFS file system extended attributes, potentially leading to system instability or denial of service. It may affect systems that mount or interact with NTFS file systems, causing unexpected reboots or downtime.