CVE-2023-53988 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806 Read of size 16842960 at addr ffff888079cc0600 by task syz-executor934/3631 Call Trace: memmove+0x25/0x60 mm/kasan/shadow.c:54 hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806 indx_delete_entry+0x74f/0x3670 fs/ntfs3/index.c:2193 ni_remove_name+0x27a/0x980 fs/ntfs3/frecord.c:2910 ntfs_unlink_inode+0x3d4/0x720 fs/ntfs3/inode.c:1712 ntfs_rename+0x41a/0xcb0 fs/ntfs3/namei.c:276 Before using the meta-data in struct INDEX_HDR, we need to check index header valid or not. Otherwise, the corruptedi (or malicious) fs image can cause out-of-bounds access which could make kernel panic.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/114204d25e1dffdd3a0c1cfbba219afd344f4b4f
https://git.kernel.org/stable/c/4a034ece7e2877673d9085d6e7ed45e6ee40b761
https://git.kernel.org/stable/c/9163a5b4ed290da4a7d23fa92533e0e81fd0166e
https://git.kernel.org/stable/c/ab84eee4c7ab929996602eda7832854c35a6dda2
https://git.kernel.org/stable/c/c58ea97aa94f033ee64a8cb6587d84a9849b6216

History

Wed, 24 Dec 2025 11:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806 Read of size 16842960 at addr ffff888079cc0600 by task syz-executor934/3631 Call Trace: memmove+0x25/0x60 mm/kasan/shadow.c:54 hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806 indx_delete_entry+0x74f/0x3670 fs/ntfs3/index.c:2193 ni_remove_name+0x27a/0x980 fs/ntfs3/frecord.c:2910 ntfs_unlink_inode+0x3d4/0x720 fs/ntfs3/inode.c:1712 ntfs_rename+0x41a/0xcb0 fs/ntfs3/namei.c:276 Before using the meta-data in struct INDEX_HDR, we need to check index header valid or not. Otherwise, the corruptedi (or malicious) fs image can cause out-of-bounds access which could make kernel panic.
Title		fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/114204d25e1dffdd3a0c1cfbba219afd344f4b4f https://git.kernel.org/stable/c/4a034ece7e2877673d9085d6e7ed45e6ee40b761 https://git.kernel.org/stable/c/9163a5b4ed290da4a7d23fa92533e0e81fd0166e https://git.kernel.org/stable/c/ab84eee4c7ab929996602eda7832854c35a6dda2 https://git.kernel.org/stable/c/c58ea97aa94f033ee64a8cb6587d84a9849b6216

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T10:55:27.762Z

Updated: 2025-12-24T10:55:27.762Z

Reserved: 2025-12-24T10:53:46.175Z

Link: CVE-2023-53988

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-24T11:15:51.697

Modified: 2025-12-24T11:15:51.697

Link: CVE-2023-53988

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object