PT-2025-37899 · Linux+2 · Linux Kernel+2
Published
2023-03-27
·
Updated
2025-09-17
·
CVE-2023-53294
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel contains a null pointer dereference issue within the
ntfs3 file system. Specifically, the vulnerability occurs in the ntfs lookup() function when handling MFT records that are not base records, potentially leading to a null pointer dereference in inode->i op. This can occur during a directory search, specifically within the dir search u() function, and subsequently in d splice alias() and d flags for inode().Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Resource Release
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Ntfs3