Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix OOB read in indx_insert_into_buffer Syzbot reported a OOB read bug: BUG: KASAN: slab-out-of-bounds in indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755 Read of size 17168 at addr ffff8880255e06c0 by task syz-executor308/3630 Call Trace: <TASK> memmove+0x25/0x60 mm/kasan/shadow.c:54 indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755 indx_insert_entry+0x446/0x6b0 fs/ntfs3/index.c:1863 ntfs_create_inode+0x1d3f/0x35c0 fs/ntfs3/inode.c:1548 ntfs_create+0x3e/0x60 fs/ntfs3/namei.c:100 lookup_open fs/namei.c:3413 [inline] If the member struct INDEX_BUFFER *index of struct indx_node is incorrect, that is, the value of __le32 used is greater than the value of __le32 total in struct INDEX_HDR. Therefore, OOB read occurs when memmove is called in indx_insert_into_buffer(). Fix this by adding a check in hdr_find_e().

INFO

Published Date :

2025-12-24T12:23:09.346Z

Last Modified :

2025-12-24T12:23:09.346Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-54063 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-54063.

URL Resource
https://git.kernel.org/stable/c/17048287ac79abd33b275ac3b5738285d406481b cve-icon cve-icon
https://git.kernel.org/stable/c/4bf3b564e27a518f158a83d5e1a50064ed6136a0 cve-icon cve-icon
https://git.kernel.org/stable/c/a7e5dba10ba1402dd6c2f961a70320770865c4a5 cve-icon cve-icon
https://git.kernel.org/stable/c/b8c44949044e5f7f864525fdffe8e95135ce9ce5 cve-icon cve-icon
https://git.kernel.org/stable/c/cd7e1d67924081717c5c96ead758a1a77867689a cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025122429-CVE-2023-54063-e78c@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-54063 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-54063 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System