DEBIAN-CVE-2023-53260
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-53260
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53260.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53260
- Upstream
- Published
- 2025-09-15T15:15:53Z
- Modified
- 2025-09-19T07:33:41.017785Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: ovl: fix null pointer dereference in ovlpermission() Following process: P1 P2 pathlookupat linkpathwalk inodepermission ovlpermission ovlipathreal(inode, &realpath) path->dentry = ovlidentryupper(inode) dropcache dentrykill(ovldentry) iput(ovlinode) ovldestroyinode(ovlinode) dput(oi->upperdentry) dentrykill(upperdentry) dentryunlinkinode upperdentry->dinode = NULL realinode = dinode(realpath.dentry) // return NULL inodepermission(realinode) inode->isb // NULL pointer dereference , will trigger an null pointer dereference at realinode: [ 335.664979] BUG: kernel NULL pointer dereference, address: 0000000000000002 [ 335.668032] CPU: 0 PID: 2592 Comm: ls Not tainted 6.3.0 [ 335.669956] RIP: 0010:inodepermission+0x33/0x2c0 [ 335.678939] Call Trace: [ 335.679165] <TASK> [ 335.679371] ovlpermission+0xde/0x320 [ 335.679723] inodepermission+0x15e/0x2c0 [ 335.680090] linkpathwalk+0x115/0x550 [ 335.680771] pathlookupat.isra.0+0xb2/0x200 [ 335.681170] filenamelookup+0xda/0x240 [ 335.681922] vfsstatx+0xa6/0x1f0 [ 335.682233] vfsfstatat+0x7b/0xb0 Fetch a reproducer in [Link]. Use the helper ovlipathrealinode() to get realinode and then do non-nullptr checking.
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.52-1
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source