CVE-2023-52640 : In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: F

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix oob in ntfs_listxattr The length of name cannot exceed the space occupied by ea.

Published 2024-04-03 17:15:47

Updated 2025-02-27 21:59:09

Source Linux

View at NVD, CVE.org

Products affected by CVE-2023-52640

Linux » Linux Kernel
Versions from including (>=) 6.7 and before (<) 6.7.7
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 5.15.150
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.6.19
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 6.1.80
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.8 Update RC1
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.8 Update RC2
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.8 Update RC3
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-52640

EPSS FAQ

0.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 52 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-52640

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H	1.8	5.2	NIST	2025-02-27
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High

CWE ids for CVE-2023-52640

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Assigned by: nvd@nist.gov (Secondary)

References for CVE-2023-52640

https://git.kernel.org/stable/c/0830c5cf19bdec50d0ede4755ddc463663deb21c

fs/ntfs3: Fix oob in ntfs_listxattr - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/52fff5799e3d1b5803ecd2f5f19c13c65f4f7b23

fs/ntfs3: Fix oob in ntfs_listxattr - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/731ab1f9828800df871c5a7ab9ffe965317d3f15

fs/ntfs3: Fix oob in ntfs_listxattr - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/6ed6cdbe88334ca3430c5aee7754dc4597498dfb

fs/ntfs3: Fix oob in ntfs_listxattr - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/a585faf0591548fe0920641950ebfa8a6eefe1cd

fs/ntfs3: Fix oob in ntfs_listxattr - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2023-52640

Products affected by CVE-2023-52640

Exploit prediction scoring system (EPSS) score for CVE-2023-52640

CVSS scores for CVE-2023-52640

CWE ids for CVE-2023-52640

References for CVE-2023-52640