CVE-2023-53294
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-53294
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53294.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53294
- Downstream
- Published
- 2025-09-16T08:11:26.926Z
- Modified
- 2025-11-30T06:13:00.921546Z
- Summary
- fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix null-ptr-deref on inode->iop in ntfslookup()
Syzbot reported a null-ptr-deref bug:
ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) ntfs3: loop0: Mark volume as dirty due to NTFS errors general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] RIP: 0010:dflagsforinode fs/dcache.c:1980 [inline] RIP: 0010:dadd+0x5ce/0x800 fs/dcache.c:2796 Call Trace: <TASK> dsplicealias+0x122/0x3b0 fs/dcache.c:3191 lookupopen fs/namei.c:3391 [inline] openlastlookups fs/namei.c:3481 [inline] pathopenat+0x10e6/0x2df0 fs/namei.c:3688 dofilpopen+0x264/0x4f0 fs/namei.c:3718 dosysopenat2+0x124/0x4e0 fs/open.c:1310 dosysopen fs/open.c:1326 [inline] _dosysopen fs/open.c:1334 [inline] _sesysopen fs/open.c:1330 [inline] _x64sysopen+0x221/0x270 fs/open.c:1330 dosyscallx64 arch/x86/entry/common.c:50 [inline] dosyscall64+0x3d/0xb0 arch/x86/entry/common.c:80 entrySYSCALL64after_hwframe+0x63/0xcd
If the MFT record of ntfs inode is not a base record, inode->i_op can be NULL. And a null-ptr-deref may happen:
ntfslookup() dirsearchu() # inode->iop is set to NULL dsplicealias() _dadd() dflagsforinode() # inode->iop->get_link null-ptr-deref
Fix this by adding a Check on inode->iop before calling the dsplice_alias() function.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53294.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/254e69f284d7270e0abdc023ee53b71401c3ba0c
- https://git.kernel.org/stable/c/2ba22cbc6a1cf4b58195adbee0b80262e53992d3
- https://git.kernel.org/stable/c/d69d5e2a81df94534bdb468bcdd26060fcb7191a
- https://git.kernel.org/stable/c/e78240bc4b94fc42854d65e657bb998100cc8e1b
- https://git.kernel.org/stable/c/f8d9e062a695a3665c4635c4f216a75912687598
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53294.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53294
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4342306f0f0d5ff4315a204d315c1b51b914fca5Fixedf8d9e062a695a3665c4635c4f216a75912687598Fixedd69d5e2a81df94534bdb468bcdd26060fcb7191aFixed2ba22cbc6a1cf4b58195adbee0b80262e53992d3Fixede78240bc4b94fc42854d65e657bb998100cc8e1bFixed254e69f284d7270e0abdc023ee53b71401c3ba0c