Description
An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.
References (4)
Core References
Mailing List, Patch
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b
Third Party Advisory, VDB Entry
https://security.netapp.com/advisory/ntap-20230703-0004/
Exploit, Third Party Advisory
https://syzkaller.appspot.com/bug?extid=8778f030156c6cd16d72
Scores
CVSS v3: 7.1
EPSS: 0.0001
EPSS Percentile: 1.8%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE: CWE-125
Status: published
Products (6)
linux/linux_kernel: 5.15 - 5.15.121
netapp/h300s
netapp/h410c
netapp/h410s
netapp/h500s
netapp/h700s
Published: May 31, 2023
Tracked Since: Feb 18, 2026