Linux kernel msdosfs Write-Back of Unallocated Disk Data on Truncate
CVE-2023-5368 Published on October 4, 2023
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on an msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
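The expected behaviour is that any region a file gains through truncate/ftruncate reads back as zero bytes. The following check is an added example and not part of this advisory or of any FreeBSD code: it creates a temporary file on the filesystem under test, extends it with ftruncate, forces write-back with fsync, and verifies that the original content survives and that every byte of the newly added region is 0x00. The `target_dir` parameter is an assumption of this example; point it at a mount of the filesystem you want to verify (by default the system temp directory is used).

```python
import os
import tempfile

# Constructed seed content (224 bytes); not taken from the advisory.
PREFIX = b"known-content-" * 16


def check_truncate_zero_fill(target_dir=None, grow_by=1 << 20, chunk=64 * 1024):
    """Grow a file with ftruncate() and verify the new region is zero-filled.

    Returns (is_clean, first_bad_offset): is_clean is True when the original
    prefix is intact and every byte past the original end of file reads as
    0x00; first_bad_offset is the absolute offset of the first unexpected
    byte, or None when the file is clean.

    target_dir is an assumed parameter for this example: the directory (on the
    filesystem under test) in which the temporary file is created.
    """
    fd, path = tempfile.mkstemp(dir=target_dir, prefix="trunc-check-")
    try:
        os.write(fd, PREFIX)
        os.fsync(fd)
        new_size = len(PREFIX) + grow_by
        # Extend the file: the region [len(PREFIX), new_size) must be zeroed.
        os.ftruncate(fd, new_size)
        # Force write-back so that what we read reflects on-disk contents.
        os.fsync(fd)

        # Re-open read-only so the data goes through the normal read path
        # rather than a descriptor that may still hold cached state.
        with open(path, "rb", buffering=0) as f:
            head = f.read(len(PREFIX))
            if head != PREFIX:
                return False, 0
            offset = len(PREFIX)
            while offset < new_size:
                buf = f.read(min(chunk, new_size - offset))
                if not buf:
                    # Short read: the extension was not persisted.
                    return False, offset
                if buf != bytes(len(buf)):
                    first = next(i for i, b in enumerate(buf) if b)
                    return False, offset + first
                offset += len(buf)
        return True, None
    finally:
        os.close(fd)
        os.unlink(path)


if __name__ == "__main__":
    clean, bad_at = check_truncate_zero_fill()
    if clean:
        print("extended region is zero-filled")
    else:
        print(f"unexpected byte at file offset {bad_at}")
```

Running this against a patched system, or against any filesystem that zero-fills on extension, reports a clean result; a non-zero offset indicates that truncate exposed stale disk contents and the host needs the vendor fix.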
Weakness Type
Insecure Default Initialization of Resource
The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
Products Associated with CVE-2023-5368
Affected Versions
FreeBSD:
- Version 13.2-RELEASE with patch level below p4 is affected.
- Version 12.4-RELEASE with patch level below p6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.