CVE-2023-53988

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the ntfs3 file system related to out-of-bounds read access in the hdr delete de() function. Specifically, a flaw exists where the kernel does not validate the index header before using metadata within the INDEX HDR structure. This can lead to out-of-bounds access when processing corrupted or maliciously crafted file system images, potentially causing a kernel panic. The issue was identified through a bug report from syzbot, which detected a slab-out-of-bounds read during testing. The memmove function in mm/kasan/shadow.c and functions indx delete entry, ni remove name, ntfs unlink inode, and ntfs rename are involved in the call trace.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.