Linux kernel msdosfs Write-Back of Unallocated Disk Data on Truncate
CVE-2023-5368 Published on October 4, 2023
msdosfs data disclosure
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.
This may permit a user with write access to files on an msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
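A regression check for the behaviour described above, added here as an example and not taken from the FreeBSD advisory or source: it extends a scratch file with ftruncate and counts non-zero bytes in the newly added region, which should always be zero. The function name, fill byte, sizes and scratch path are assumptions; because the advisory only says the problem occurs "under certain circumstances", a clean result does not prove a system is patched.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Create `path`, write old_size bytes, extend it to new_size with ftruncate(),
 * and return how many bytes of the added region are non-zero (expected: 0).
 * Returns -1 on error. Contents are only counted, never printed. */
long count_nonzero_after_extend(const char *path, off_t old_size, off_t new_size)
{
    unsigned char buf[4096];
    long nonzero = 0;
    off_t pos;
    int fd;

    if (old_size < 0 || new_size <= old_size)
        return -1;
    fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600); /* never reuse a file */
    if (fd < 0)
        return -1;
    memset(buf, 'A', sizeof buf);                     /* known non-zero filler */
    for (pos = 0; pos < old_size; ) {
        off_t left = old_size - pos;
        ssize_t n = write(fd, buf, left < (off_t)sizeof buf ? (size_t)left : sizeof buf);
        if (n <= 0) goto fail;
        pos += n;
    }
    if (ftruncate(fd, new_size) != 0) goto fail;      /* the call under test */
    if (lseek(fd, old_size, SEEK_SET) != old_size) goto fail;
    for (pos = old_size; pos < new_size; ) {          /* scan only the new tail */
        ssize_t n = read(fd, buf, sizeof buf);
        if (n <= 0) goto fail;
        for (ssize_t i = 0; i < n; i++)
            nonzero += (buf[i] != 0);
        pos += n;
    }
    close(fd); unlink(path);
    return nonzero;
fail:
    close(fd); unlink(path);
    return -1;
}

int main(int argc, char **argv)
{
    /* Pass a path on the msdosfs mount to test; the default is a scratch name. */
    long n = count_nonzero_after_extend(argc > 1 ? argv[1] : "truncate_probe.tmp", 1000, 1 << 20);
    printf("non-zero bytes in extended region: %ld\n", n);
    return n == 0 ? 0 : 1;
}
```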
Weakness Type
Insecure Default Initialization of Resource
The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
Products Associated with CVE-2023-5368
Affected Versions
FreeBSD:
- Version 13.2-RELEASE and below p4 is affected.
- Version 12.4-RELEASE and below p6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.