CVE-2023-54272 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix a possible null-pointer dereference in ni_clear()

In a previous commit c1006bd13146, ni->mi.mrec in ni_write_inode()
could be NULL, and thus a NULL check is added for this variable.

However, in the same call stack, ni->mi.mrec can be also dereferenced
in ni_clear():

ntfs_evict_inode(inode)
ni_write_inode(inode, ...)
ni = ntfs_i(inode);
is_rec_inuse(ni->mi.mrec) -> Add a NULL check by previous commit
ni_clear(ntfs_i(inode))
is_rec_inuse(ni->mi.mrec) -> No check

Thus, a possible null-pointer dereference may exist in ni_clear().
To fix it, a NULL check is added in this function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/20f9bfc664d6a478f9a5bbc0c380f80f7a1a06c6
https://git.kernel.org/stable/c/39c6312009574ca73865354133ca222e7753a71b
https://git.kernel.org/stable/c/e7675f85a92233136c630000a0b7cf97826705da
https://git.kernel.org/stable/c/ec275bf9693d19cc0fdce8436f4c425ced86f6e7

History

Tue, 30 Dec 2025 12:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a possible null-pointer dereference in ni_clear() In a previous commit c1006bd13146, ni->mi.mrec in ni_write_inode() could be NULL, and thus a NULL check is added for this variable. However, in the same call stack, ni->mi.mrec can be also dereferenced in ni_clear(): ntfs_evict_inode(inode) ni_write_inode(inode, ...) ni = ntfs_i(inode); is_rec_inuse(ni->mi.mrec) -> Add a NULL check by previous commit ni_clear(ntfs_i(inode)) is_rec_inuse(ni->mi.mrec) -> No check Thus, a possible null-pointer dereference may exist in ni_clear(). To fix it, a NULL check is added in this function.
Title		fs/ntfs3: Fix a possible null-pointer dereference in ni_clear()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/20f9bfc664d6a478f9a5bbc0c380f80f7a1a06c6 https://git.kernel.org/stable/c/39c6312009574ca73865354133ca222e7753a71b https://git.kernel.org/stable/c/e7675f85a92233136c630000a0b7cf97826705da https://git.kernel.org/stable/c/ec275bf9693d19cc0fdce8436f4c425ced86f6e7

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-30T12:16:02.335Z

Updated: 2025-12-30T12:16:02.335Z

Reserved: 2025-12-30T12:06:44.522Z

Link: CVE-2023-54272

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-30T13:16:16.110

Modified: 2025-12-30T13:16:16.110

Link: CVE-2023-54272

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Metrics

Affected Vendors & Products

Projects

Metrics

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object