CVE-2023-54063

Published: Dic 24, 2025 Last Modified: Dic 29, 2025
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix OOB read in indx_insert_into_buffer

Syzbot reported a OOB read bug:

BUG: KASAN: slab-out-of-bounds in indx_insert_into_buffer+0xaa3/0x13b0
fs/ntfs3/index.c:1755
Read of size 17168 at addr ffff8880255e06c0 by task syz-executor308/3630

Call Trace:
<TASK>
memmove+0x25/0x60 mm/kasan/shadow.c:54
indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755
indx_insert_entry+0x446/0x6b0 fs/ntfs3/index.c:1863
ntfs_create_inode+0x1d3f/0x35c0 fs/ntfs3/inode.c:1548
ntfs_create+0x3e/0x60 fs/ntfs3/namei.c:100
lookup_open fs/namei.c:3413 [inline]

If the member struct INDEX_BUFFER *index of struct indx_node is
incorrect, that is, the value of __le32 used is greater than the value
of __le32 total in struct INDEX_HDR. Therefore, OOB read occurs when
memmove is called in indx_insert_into_buffer().
Fix this by adding a check in hdr_find_e().

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0002
Percentile
0,1th
Updated

EPSS Score Trend (Last 81 Days)

https://git.kernel.org/stable/c/17048287ac79abd33b275ac3b57…
https://git.kernel.org/stable/c/17048287ac79abd33b275ac3b5738285d406481b
https://git.kernel.org/stable/c/4bf3b564e27a518f158a83d5e1a…
https://git.kernel.org/stable/c/4bf3b564e27a518f158a83d5e1a50064ed6136a0
https://git.kernel.org/stable/c/a7e5dba10ba1402dd6c2f961a70…
https://git.kernel.org/stable/c/a7e5dba10ba1402dd6c2f961a70320770865c4a5
https://git.kernel.org/stable/c/b8c44949044e5f7f864525fdffe…
https://git.kernel.org/stable/c/b8c44949044e5f7f864525fdffe8e95135ce9ce5
https://git.kernel.org/stable/c/cd7e1d67924081717c5c96ead75…
https://git.kernel.org/stable/c/cd7e1d67924081717c5c96ead758a1a77867689a