Bug 2308286 (CVE-2023-45896) - CVE-2023-45896 kernel: ntfs3: kernel memory read by mounting a filesystem
Summary: CVE-2023-45896 kernel: ntfs3: kernel memory read by mounting a filesystem
Keywords:
Status: NEW
Alias: CVE-2023-45896
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2024-08-28 05:20 UTC by OSIDB Bzimport
Modified: 2024-08-29 14:40 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2024-08-28 05:20:30 UTC
ntfs3 in the Linux kernel before 6.5.11 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image.

