PT-2025-53202 · Ntfs3+2

Published: 2023-07-02 · Updated: 2026-04-20 · CVE-2023-54125

CVSS v2.0: 7.7 (High)

Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.2.0-rc1+ #4

Description

The Linux kernel contains a flaw within the ntfs3 file system related to handling extended attributes. Specifically, the ntfs_read_ea function does not properly return an error code for inconsistent extended attributes, potentially leading to unpredictable memory access after the function returns. This issue was identified through Kernel Address Sanitizer (KASAN) reporting a use-after-free condition in the ntfs_set_ea function. The vulnerability can be triggered when setting extended attributes via the setxattr system call, ultimately impacting the path_setxattr function.

Recommendations

Update to a version of the Linux kernel newer than 6.2.0-rc1+ #4.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-04182
CVE-2023-54125
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1

Affected Products

Debian
Linux Kernel
Ntfs3