CVE-2023-52631

2024-04-0200:00:00

ubuntu.com

linux kernel

vulnerability resolved

null dereference bug

fs/ntfs3

32bit systems

kmalloc

memcpy()

AI Score

7.7

Confidence

High

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called
from ntfs_load_attr_list(). The “size” comes from
le32_to_cpu(attr->res.data_size) so it can’t overflow on a 64bit systems
but on 32bit systems the “+ 1023” can overflow and the result is zero. This
means that the kmalloc will succeed by returning the ZERO_SIZE_PTR and then
the memcpy() will crash with an Oops on the next line.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlinux< 5.15.0-106.116UNKNOWN
ubuntu23.10noarchlinux< 6.5.0-44.44UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1061.67UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1061.67~20.04.1UNKNOWN
ubuntu22.04noarchlinux-aws-6.5< 6.5.0-1023.23~22.04.1UNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1063.72UNKNOWN
ubuntu20.04noarchlinux-azure-5.15< 5.15.0-1063.72~20.04.1UNKNOWN
ubuntu22.04noarchlinux-azure-6.5< 6.5.0-1024.25~22.04.1UNKNOWN
ubuntu22.04noarchlinux-azure-fde< 5.15.0-1063.72.1UNKNOWN
ubuntu20.04noarchlinux-azure-fde-5.15< 5.15.0-1063.72~20.04.1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	linux	< 5.15.0-106.116	UNKNOWN
ubuntu	23.10	noarch	linux	< 6.5.0-44.44	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1061.67	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1061.67~20.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< 6.5.0-1023.23~22.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< 5.15.0-1063.72	UNKNOWN
ubuntu	20.04	noarch	linux-azure-5.15	< 5.15.0-1063.72~20.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-azure-6.5	< 6.5.0-1024.25~22.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-azure-fde	< 5.15.0-1063.72.1	UNKNOWN
ubuntu	20.04	noarch	linux-azure-fde-5.15	< 5.15.0-1063.72~20.04.1.1	UNKNOWN