OpenCVE

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() It is preferable to exit through the out: label because internal debugging functions are located there.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/50545eb6cd5f7ff852a01fa29b7372524ef948cc
https://git.kernel.org/stable/c/847b68f58c212f0439c5a8101b3841f32caffccd
https://git.kernel.org/stable/c/947c3f3d31ea185ddc8e7f198873f17d36deb24c
https://git.kernel.org/stable/c/aaab47f204aaf47838241d57bf8662c8840de60a
https://git.kernel.org/stable/c/ee8db6475cb15c8122855f72ad4cfa5375af6a7b
https://lore.kernel.org/linux-cve-announce/2024040357-CVE-2023-52641-1c18@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52641
https://www.cve.org/CVERecord?id=CVE-2023-52641

History

Mon, 04 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-03T17:00:16.041Z

Updated: 2024-11-04T14:50:17.025Z

Reserved: 2024-03-06T09:52:12.093Z

Link: CVE-2023-52641

Vulnrichment

Updated: 2024-08-02T23:03:21.366Z

NVD

Status : Awaiting Analysis

Published: 2024-04-03T17:15:47.470

Modified: 2024-11-21T08:40:15.947

Link: CVE-2023-52641

Redhat

Severity : Moderate

Publid Date: 2024-04-03T00:00:00Z

Links: CVE-2023-52641 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52641", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-06T09:52:12.093Z", "datePublished": "2024-04-03T17:00:16.041Z", "dateUpdated": "2024-11-04T14:50:17.025Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:50:17.025Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()\n\nIt is preferable to exit through the out: label because\ninternal debugging functions are located there."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ntfs3/attrib.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "ee8db6475cb1", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "50545eb6cd5f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "947c3f3d31ea", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "847b68f58c21", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "aaab47f204aa", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ntfs3/attrib.c"], "versions": [{"version": "5.15.150", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.80", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.19", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.7", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ee8db6475cb15c8122855f72ad4cfa5375af6a7b"}, {"url": "https://git.kernel.org/stable/c/50545eb6cd5f7ff852a01fa29b7372524ef948cc"}, {"url": "https://git.kernel.org/stable/c/947c3f3d31ea185ddc8e7f198873f17d36deb24c"}, {"url": "https://git.kernel.org/stable/c/847b68f58c212f0439c5a8101b3841f32caffccd"}, {"url": "https://git.kernel.org/stable/c/aaab47f204aaf47838241d57bf8662c8840de60a"}], "title": "fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52641", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-03T18:10:30.808212Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:12.912Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.366Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ee8db6475cb15c8122855f72ad4cfa5375af6a7b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/50545eb6cd5f7ff852a01fa29b7372524ef948cc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/947c3f3d31ea185ddc8e7f198873f17d36deb24c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/847b68f58c212f0439c5a8101b3841f32caffccd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aaab47f204aaf47838241d57bf8662c8840de60a", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ee8db6475cb15c8122855f72ad4cfa5375af6a7b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/50545eb6cd5f7ff852a01fa29b7372524ef948cc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/947c3f3d31ea185ddc8e7f198873f17d36deb24c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/847b68f58c212f0439c5a8101b3841f32caffccd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aaab47f204aaf47838241d57bf8662c8840de60a", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.366Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52641", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-03T18:10:30.808212Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:21.752Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "ee8db6475cb1", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "50545eb6cd5f", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "947c3f3d31ea", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "847b68f58c21", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "aaab47f204aa", "versionType": "git"}], "programFiles": ["fs/ntfs3/attrib.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.15.150", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.80", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.19", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.7", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/ntfs3/attrib.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/ee8db6475cb15c8122855f72ad4cfa5375af6a7b"}, {"url": "https://git.kernel.org/stable/c/50545eb6cd5f7ff852a01fa29b7372524ef948cc"}, {"url": "https://git.kernel.org/stable/c/947c3f3d31ea185ddc8e7f198873f17d36deb24c"}, {"url": "https://git.kernel.org/stable/c/847b68f58c212f0439c5a8101b3841f32caffccd"}, {"url": "https://git.kernel.org/stable/c/aaab47f204aaf47838241d57bf8662c8840de60a"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()\n\nIt is preferable to exit through the out: label because\ninternal debugging functions are located there."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:50:17.025Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52641", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:50:17.025Z", "dateReserved": "2024-03-06T09:52:12.093Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-03T17:00:16.041Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()", "id": "2273087", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273087"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()\nIt is preferable to exit through the out: label because\ninternal debugging functions are located there.", "A vulnerability was found in the Linux kernel's NTFS3 filesystem (fs/ntfs3) involving a NULL pointer dereference in the attr_allocate_frame() function. This issue could cause system crashes or undefined behavior if a NULL pointer is encountered."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52641", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52641\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52641\nhttps://lore.kernel.org/linux-cve-announce/2024040357-CVE-2023-52641-1c18@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.150, kernel 6.1.80, kernel 6.6.19, kernel 6.7.7, kernel 6.8"}