A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.
Created ntfs-3g tracking bugs for this issue: Affects: epel-all [bug 2236365] Affects: fedora-all [bug 2236366]
Changing the impact to Low as, For RHEL, that provides libguestfs-winsupport, That's Low Impact, Confidentiality/Integrity as None and Availability as Low because even if an attacker can trick a high-privileged user into opening a malicious NTFS with a very long mount point, he would be confined in a temporary VM without network and he could read/write only the malicious NTFS image itself. On Fedora, however, ntfs-3g is directly shipped and it is not run in a temporary VM. For these reasons, the Impact there is Moderate. In any case, the ntfs-3g binaries are not SUID, so the attacker needs to trick a high-privileged user to open a malicious NTFS filesystem with a very long mount point.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:5239 https://access.redhat.com/errata/RHSA-2023:5239
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5264 https://access.redhat.com/errata/RHSA-2023:5264
This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.4.0.EUS Via RHSA-2023:5405 https://access.redhat.com/errata/RHSA-2023:5405
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:5587 https://access.redhat.com/errata/RHSA-2023:5587
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:5796 https://access.redhat.com/errata/RHSA-2023:5796
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:6168 https://access.redhat.com/errata/RHSA-2023:6168
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6167 https://access.redhat.com/errata/RHSA-2023:6167
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0404 https://access.redhat.com/errata/RHSA-2024:0404