Linux Kernel ntfs3: OOB Read in indx_insert_into_buffer
CVE-2023-54063 Published on December 24, 2025
fs/ntfs3: Fix OOB read in indx_insert_into_buffer
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix OOB read in indx_insert_into_buffer
Syzbot reported a OOB read bug:
BUG: KASAN: slab-out-of-bounds in indx_insert_into_buffer+0xaa3/0x13b0
fs/ntfs3/index.c:1755
Read of size 17168 at addr ffff8880255e06c0 by task syz-executor308/3630
Call Trace:
<TASK>
memmove+0x25/0x60 mm/kasan/shadow.c:54
indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755
indx_insert_entry+0x446/0x6b0 fs/ntfs3/index.c:1863
ntfs_create_inode+0x1d3f/0x35c0 fs/ntfs3/inode.c:1548
ntfs_create+0x3e/0x60 fs/ntfs3/namei.c:100
lookup_open fs/namei.c:3413 [inline]
If the member struct INDEX_BUFFER *index of struct indx_node is
incorrect, that is, the value of __le32 used is greater than the value
of __le32 total in struct INDEX_HDR. Therefore, OOB read occurs when
memmove is called in indx_insert_into_buffer().
Fix this by adding a check in hdr_find_e().
Products Associated with CVE-2023-54063
stack.watch emails you whenever new vulnerabilities are published in Linux Kernel or Linux Kernel. Just hit a watch button to start following.
Affected Versions
Linux:- Version 82cae269cfa953032fbb8980a7d554d60fb00b17 and below cd7e1d67924081717c5c96ead758a1a77867689a is affected.
- Version 82cae269cfa953032fbb8980a7d554d60fb00b17 and below 17048287ac79abd33b275ac3b5738285d406481b is affected.
- Version 82cae269cfa953032fbb8980a7d554d60fb00b17 and below a7e5dba10ba1402dd6c2f961a70320770865c4a5 is affected.
- Version 82cae269cfa953032fbb8980a7d554d60fb00b17 and below 4bf3b564e27a518f158a83d5e1a50064ed6136a0 is affected.
- Version 82cae269cfa953032fbb8980a7d554d60fb00b17 and below b8c44949044e5f7f864525fdffe8e95135ce9ce5 is affected.
- Version 5.15 is affected.
- Before 5.15 is unaffected.
- Version 5.15.111, <= 5.15.* is unaffected.
- Version 6.1.28, <= 6.1.* is unaffected.
- Version 6.2.15, <= 6.2.* is unaffected.
- Version 6.3.2, <= 6.3.* is unaffected.
- Version 6.4, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.