In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix an NULL dereference bug
The issue here is when this is called from ntfsloadattrlist(). The "size" comes from le32tocpu(attr->res.datasize) so it can't overflow on a 64bit systems but on 32bit systems the "+ 1023" can overflow and the result is zero. This means that the kmalloc will succeed by returning the ZEROSIZEPTR and then the memcpy() will crash with an Oops on the next line.
{ "vanir_signatures": [ { "id": "CVE-2023-52631-01093eb7", "deprecated": false, "digest": { "function_hash": "3083576444997922691561255506853069304", "length": 93.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ae4acad41b0f93f1c26cc0fc9135bb79d8282d0b", "target": { "file": "fs/ntfs3/ntfs_fs.h", "function": "al_aligned" }, "signature_version": "v1", "signature_type": "Function" }, { "id": "CVE-2023-52631-0bb25a21", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "140783593292545017935454570008001521659", "322896388762341641499599102438003777568", "26167353429071083966604484167060916526", "2994398942644217838386512621306775217" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@686820fe141ea0220fc6fdfc7e5694f915cf64b2", "target": { "file": "fs/ntfs3/ntfs_fs.h" }, "signature_version": "v1", "signature_type": "Line" }, { "id": "CVE-2023-52631-0d4bfc5d", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "140783593292545017935454570008001521659", "322896388762341641499599102438003777568", "112296527095678224688627919942229905460", "186890243282114042448887813053506060266" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ec1bedd797588fe38fc11cba26d77bb1d9b194c6", "target": { "file": "fs/ntfs3/ntfs_fs.h" }, "signature_version": "v1", "signature_type": "Line" }, { "id": "CVE-2023-52631-0fa45d25", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "140783593292545017935454570008001521659", "322896388762341641499599102438003777568", "26167353429071083966604484167060916526", "2994398942644217838386512621306775217" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fb7bcd1722bc9bc55160378f5f99c01198fd14a7", "target": { "file": "fs/ntfs3/ntfs_fs.h" }, "signature_version": "v1", "signature_type": "Line" }, { "id": "CVE-2023-52631-250a329a", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "140783593292545017935454570008001521659", "322896388762341641499599102438003777568", "26167353429071083966604484167060916526", "2994398942644217838386512621306775217" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b2dd7b953c25ffd5912dda17e980e7168bebcf6c", "target": { "file": "fs/ntfs3/ntfs_fs.h" }, "signature_version": "v1", "signature_type": "Line" }, { "id": "CVE-2023-52631-4f92c336", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "140783593292545017935454570008001521659", "322896388762341641499599102438003777568", "112296527095678224688627919942229905460", "186890243282114042448887813053506060266" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ae4acad41b0f93f1c26cc0fc9135bb79d8282d0b", "target": { "file": "fs/ntfs3/ntfs_fs.h" }, "signature_version": "v1", "signature_type": "Line" }, { "id": "CVE-2023-52631-8e42012d", "deprecated": false, "digest": { "function_hash": "3083576444997922691561255506853069304", "length": 93.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b2dd7b953c25ffd5912dda17e980e7168bebcf6c", "target": { "file": "fs/ntfs3/ntfs_fs.h", "function": "al_aligned" }, "signature_version": "v1", "signature_type": "Function" }, { "id": "CVE-2023-52631-bb8ded01", "deprecated": false, "digest": { "function_hash": "3083576444997922691561255506853069304", "length": 93.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ec1bedd797588fe38fc11cba26d77bb1d9b194c6", "target": { "file": "fs/ntfs3/ntfs_fs.h", "function": "al_aligned" }, "signature_version": "v1", "signature_type": "Function" }, { "id": "CVE-2023-52631-c62de529", "deprecated": false, "digest": { "function_hash": "3083576444997922691561255506853069304", "length": 93.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fb7bcd1722bc9bc55160378f5f99c01198fd14a7", "target": { "file": "fs/ntfs3/ntfs_fs.h", "function": "al_aligned" }, "signature_version": "v1", "signature_type": "Function" }, { "id": "CVE-2023-52631-e37c6163", "deprecated": false, "digest": { "function_hash": "3083576444997922691561255506853069304", "length": 93.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@686820fe141ea0220fc6fdfc7e5694f915cf64b2", "target": { "file": "fs/ntfs3/ntfs_fs.h", "function": "al_aligned" }, "signature_version": "v1", "signature_type": "Function" } ] }