Description

In the Linux kernel, the following vulnerability has been resolved: ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632 Call Trace: ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 vfs_listxattr fs/xattr.c:457 [inline] listxattr+0x293/0x2d0 fs/xattr.c:804 Fix the logic of ea_all iteration. When the ea->name_len is 0, return immediately, or Add2Ptr() would visit invalid memory in the next loop. [[email protected]: lines of the patch have changed]

INFO

Published Date :

2025-09-18T16:04:03.754Z

Last Modified :

2026-01-14T19:13:10.492Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-53420 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-53420.

URL Resource
https://git.kernel.org/stable/c/3c675ddffb17a8b1e32efad5c983254af18b12c2 cve-icon cve-icon
https://git.kernel.org/stable/c/721b75ea2dfce53a8890dff92ae01afca8e74f88 cve-icon cve-icon
https://git.kernel.org/stable/c/c86a2517df6c9304db8fb12b77136ec7a5d85994 cve-icon cve-icon
https://git.kernel.org/stable/c/f3380d895e28a32632eb3609f5bd515adee4e5a1 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025091855-CVE-2023-53420-e1ce@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-53420 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-53420 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact