CVE-2023-52640

HIGH

Linux Kernel < 5.15.150 - Out-of-Bounds Read in ntfs_listxattr

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix oob in ntfs_listxattr

The length of name cannot exceed the space occupied by ea.

Scores

CVSS v3 7.1
EPSS 0.0024
EPSS Percentile 15.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-129
Status published
Products (14)
Linux/Linux < 5.15
Linux/Linux 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e - 0830c5cf19bdec50d0ede4755ddc463663deb21c
Linux/Linux 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e - 52fff5799e3d1b5803ecd2f5f19c13c65f4f7b23
Linux/Linux 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e - 6ed6cdbe88334ca3430c5aee7754dc4597498dfb
Linux/Linux 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e - 731ab1f9828800df871c5a7ab9ffe965317d3f15
Linux/Linux 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e - a585faf0591548fe0920641950ebfa8a6eefe1cd
Linux/Linux 5.15
Linux/Linux 5.15.150 - 5.15.*
Linux/Linux 6.1.80 - 6.1.*
Linux/Linux 6.6.19 - 6.6.*
... and 4 more
Published Apr 03, 2024
Tracked Since Feb 18, 2026