fkie_cve-2023-53328
Vulnerability from fkie_nvd
Published
2025-09-16 17:15
Modified
2025-09-17 14:18
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Enhance sanity check while generating attr_list ni_create_attr_list uses WARN_ON to catch error cases while generating attribute list, which only prints out stack trace and may not be enough. This repalces them with more proper error handling flow. [ 59.666332] BUG: kernel NULL pointer dereference, address: 000000000000000e [ 59.673268] #PF: supervisor read access in kernel mode [ 59.678354] #PF: error_code(0x0000) - not-present page [ 59.682831] PGD 8000000005ff1067 P4D 8000000005ff1067 PUD 7dee067 PMD 0 [ 59.688556] Oops: 0000 [#1] PREEMPT SMP KASAN PTI [ 59.692642] CPU: 0 PID: 198 Comm: poc Tainted: G B W 6.2.0-rc1+ #4 [ 59.698868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 [ 59.708795] RIP: 0010:ni_create_attr_list+0x505/0x860 [ 59.713657] Code: 7e 10 e8 5e d0 d0 ff 45 0f b7 76 10 48 8d 7b 16 e8 00 d1 d0 ff 66 44 89 73 16 4d 8d 75 0e 4c 89 f7 e8 3f d0 d0 ff 4c 8d8 [ 59.731559] RSP: 0018:ffff88800a56f1e0 EFLAGS: 00010282 [ 59.735691] RAX: 0000000000000001 RBX: ffff88800b7b5088 RCX: ffffffffb83079fe [ 59.741792] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffbb7f9fc0 [ 59.748423] RBP: ffff88800a56f3a8 R08: ffff88800b7b50a0 R09: fffffbfff76ff3f9 [ 59.754654] R10: ffffffffbb7f9fc7 R11: fffffbfff76ff3f8 R12: ffff88800b756180 [ 59.761552] R13: 0000000000000000 R14: 000000000000000e R15: 0000000000000050 [ 59.768323] FS: 00007feaa8c96440(0000) GS:ffff88806d400000(0000) knlGS:0000000000000000 [ 59.776027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.781395] CR2: 00007f3a2e0b1000 CR3: 000000000a5bc000 CR4: 00000000000006f0 [ 59.787607] Call Trace: [ 59.790271] <TASK> [ 59.792488] ? __pfx_ni_create_attr_list+0x10/0x10 [ 59.797235] ? kernel_text_address+0xd3/0xe0 [ 59.800856] ? unwind_get_return_address+0x3e/0x60 [ 59.805101] ? __kasan_check_write+0x18/0x20 [ 59.809296] ? preempt_count_sub+0x1c/0xd0 [ 59.813421] ni_ins_attr_ext+0x52c/0x5c0 [ 59.817034] ? __pfx_ni_ins_attr_ext+0x10/0x10 [ 59.821926] ? __vfs_setxattr+0x121/0x170 [ 59.825718] ? __vfs_setxattr_noperm+0x97/0x300 [ 59.829562] ? __vfs_setxattr_locked+0x145/0x170 [ 59.833987] ? vfs_setxattr+0x137/0x2a0 [ 59.836732] ? do_setxattr+0xce/0x150 [ 59.839807] ? setxattr+0x126/0x140 [ 59.842353] ? path_setxattr+0x164/0x180 [ 59.845275] ? __x64_sys_setxattr+0x71/0x90 [ 59.848838] ? do_syscall_64+0x3f/0x90 [ 59.851898] ? entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 59.857046] ? stack_depot_save+0x17/0x20 [ 59.860299] ni_insert_attr+0x1ba/0x420 [ 59.863104] ? __pfx_ni_insert_attr+0x10/0x10 [ 59.867069] ? preempt_count_sub+0x1c/0xd0 [ 59.869897] ? _raw_spin_unlock_irqrestore+0x2b/0x50 [ 59.874088] ? __create_object+0x3ae/0x5d0 [ 59.877865] ni_insert_resident+0xc4/0x1c0 [ 59.881430] ? __pfx_ni_insert_resident+0x10/0x10 [ 59.886355] ? kasan_save_alloc_info+0x1f/0x30 [ 59.891117] ? __kasan_kmalloc+0x8b/0xa0 [ 59.894383] ntfs_set_ea+0x90d/0xbf0 [ 59.897703] ? __pfx_ntfs_set_ea+0x10/0x10 [ 59.901011] ? kernel_text_address+0xd3/0xe0 [ 59.905308] ? __kernel_text_address+0x16/0x50 [ 59.909811] ? unwind_get_return_address+0x3e/0x60 [ 59.914898] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 59.920250] ? arch_stack_walk+0xa2/0x100 [ 59.924560] ? filter_irq_stacks+0x27/0x80 [ 59.928722] ntfs_setxattr+0x405/0x440 [ 59.932512] ? __pfx_ntfs_setxattr+0x10/0x10 [ 59.936634] ? kvmalloc_node+0x2d/0x120 [ 59.940378] ? kasan_save_stack+0x41/0x60 [ 59.943870] ? kasan_save_stack+0x2a/0x60 [ 59.947719] ? kasan_set_track+0x29/0x40 [ 59.951417] ? kasan_save_alloc_info+0x1f/0x30 [ 59.955733] ? __kasan_kmalloc+0x8b/0xa0 [ 59.959598] ? __kmalloc_node+0x68/0x150 [ 59.963163] ? kvmalloc_node+0x2d/0x120 [ 59.966490] ? vmemdup_user+0x2b/0xa0 ---truncated---
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4246bbef0442f4a1e974df0ab091f4f33ac69451
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/64fab8bce5237ca225ee1ec9dff5cc8c31b0631f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e7799bb4dbe26bfb665f29ea87981708fd6012d8
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fdec309c7672cbee4dc0229ee4cbb33c948a1bdd
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Enhance sanity check while generating attr_list\n\nni_create_attr_list uses WARN_ON to catch error cases while generating\nattribute list, which only prints out stack trace and may not be enough.\nThis repalces them with more proper error handling flow.\n\n[   59.666332] BUG: kernel NULL pointer dereference, address: 000000000000000e\n[   59.673268] #PF: supervisor read access in kernel mode\n[   59.678354] #PF: error_code(0x0000) - not-present page\n[   59.682831] PGD 8000000005ff1067 P4D 8000000005ff1067 PUD 7dee067 PMD 0\n[   59.688556] Oops: 0000 [#1] PREEMPT SMP KASAN PTI\n[   59.692642] CPU: 0 PID: 198 Comm: poc Tainted: G    B   W          6.2.0-rc1+ #4\n[   59.698868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[   59.708795] RIP: 0010:ni_create_attr_list+0x505/0x860\n[   59.713657] Code: 7e 10 e8 5e d0 d0 ff 45 0f b7 76 10 48 8d 7b 16 e8 00 d1 d0 ff 66 44 89 73 16 4d 8d 75 0e 4c 89 f7 e8 3f d0 d0 ff 4c 8d8\n[   59.731559] RSP: 0018:ffff88800a56f1e0 EFLAGS: 00010282\n[   59.735691] RAX: 0000000000000001 RBX: ffff88800b7b5088 RCX: ffffffffb83079fe\n[   59.741792] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffbb7f9fc0\n[   59.748423] RBP: ffff88800a56f3a8 R08: ffff88800b7b50a0 R09: fffffbfff76ff3f9\n[   59.754654] R10: ffffffffbb7f9fc7 R11: fffffbfff76ff3f8 R12: ffff88800b756180\n[   59.761552] R13: 0000000000000000 R14: 000000000000000e R15: 0000000000000050\n[   59.768323] FS:  00007feaa8c96440(0000) GS:ffff88806d400000(0000) knlGS:0000000000000000\n[   59.776027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   59.781395] CR2: 00007f3a2e0b1000 CR3: 000000000a5bc000 CR4: 00000000000006f0\n[   59.787607] Call Trace:\n[   59.790271]  \u003cTASK\u003e\n[   59.792488]  ? __pfx_ni_create_attr_list+0x10/0x10\n[   59.797235]  ? kernel_text_address+0xd3/0xe0\n[   59.800856]  ? unwind_get_return_address+0x3e/0x60\n[   59.805101]  ? __kasan_check_write+0x18/0x20\n[   59.809296]  ? preempt_count_sub+0x1c/0xd0\n[   59.813421]  ni_ins_attr_ext+0x52c/0x5c0\n[   59.817034]  ? __pfx_ni_ins_attr_ext+0x10/0x10\n[   59.821926]  ? __vfs_setxattr+0x121/0x170\n[   59.825718]  ? __vfs_setxattr_noperm+0x97/0x300\n[   59.829562]  ? __vfs_setxattr_locked+0x145/0x170\n[   59.833987]  ? vfs_setxattr+0x137/0x2a0\n[   59.836732]  ? do_setxattr+0xce/0x150\n[   59.839807]  ? setxattr+0x126/0x140\n[   59.842353]  ? path_setxattr+0x164/0x180\n[   59.845275]  ? __x64_sys_setxattr+0x71/0x90\n[   59.848838]  ? do_syscall_64+0x3f/0x90\n[   59.851898]  ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n[   59.857046]  ? stack_depot_save+0x17/0x20\n[   59.860299]  ni_insert_attr+0x1ba/0x420\n[   59.863104]  ? __pfx_ni_insert_attr+0x10/0x10\n[   59.867069]  ? preempt_count_sub+0x1c/0xd0\n[   59.869897]  ? _raw_spin_unlock_irqrestore+0x2b/0x50\n[   59.874088]  ? __create_object+0x3ae/0x5d0\n[   59.877865]  ni_insert_resident+0xc4/0x1c0\n[   59.881430]  ? __pfx_ni_insert_resident+0x10/0x10\n[   59.886355]  ? kasan_save_alloc_info+0x1f/0x30\n[   59.891117]  ? __kasan_kmalloc+0x8b/0xa0\n[   59.894383]  ntfs_set_ea+0x90d/0xbf0\n[   59.897703]  ? __pfx_ntfs_set_ea+0x10/0x10\n[   59.901011]  ? kernel_text_address+0xd3/0xe0\n[   59.905308]  ? __kernel_text_address+0x16/0x50\n[   59.909811]  ? unwind_get_return_address+0x3e/0x60\n[   59.914898]  ? __pfx_stack_trace_consume_entry+0x10/0x10\n[   59.920250]  ? arch_stack_walk+0xa2/0x100\n[   59.924560]  ? filter_irq_stacks+0x27/0x80\n[   59.928722]  ntfs_setxattr+0x405/0x440\n[   59.932512]  ? __pfx_ntfs_setxattr+0x10/0x10\n[   59.936634]  ? kvmalloc_node+0x2d/0x120\n[   59.940378]  ? kasan_save_stack+0x41/0x60\n[   59.943870]  ? kasan_save_stack+0x2a/0x60\n[   59.947719]  ? kasan_set_track+0x29/0x40\n[   59.951417]  ? kasan_save_alloc_info+0x1f/0x30\n[   59.955733]  ? __kasan_kmalloc+0x8b/0xa0\n[   59.959598]  ? __kmalloc_node+0x68/0x150\n[   59.963163]  ? kvmalloc_node+0x2d/0x120\n[   59.966490]  ? vmemdup_user+0x2b/0xa0\n---truncated---"
    }
  ],
  "id": "CVE-2023-53328",
  "lastModified": "2025-09-17T14:18:55.093",
  "metrics": {},
  "published": "2025-09-16T17:15:39.053",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4246bbef0442f4a1e974df0ab091f4f33ac69451"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/64fab8bce5237ca225ee1ec9dff5cc8c31b0631f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e7799bb4dbe26bfb665f29ea87981708fd6012d8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/fdec309c7672cbee4dc0229ee4cbb33c948a1bdd"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.