{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52641", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-06T09:52:12.093Z", "datePublished": "2024-04-03T17:00:16.041Z", "dateUpdated": "2025-05-04T07:40:35.468Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:40:35.468Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()\n\nIt is preferable to exit through the out: label because\ninternal debugging functions are located there."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ntfs3/attrib.c"], "versions": [{"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "ee8db6475cb15c8122855f72ad4cfa5375af6a7b", "status": "affected", "versionType": "git"}, {"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "50545eb6cd5f7ff852a01fa29b7372524ef948cc", "status": "affected", "versionType": "git"}, {"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "947c3f3d31ea185ddc8e7f198873f17d36deb24c", "status": "affected", "versionType": "git"}, {"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "847b68f58c212f0439c5a8101b3841f32caffccd", "status": "affected", "versionType": "git"}, {"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "aaab47f204aaf47838241d57bf8662c8840de60a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ntfs3/attrib.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.150", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.80", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.19", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.7", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "5.15.150"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.1.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.6.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.7.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ee8db6475cb15c8122855f72ad4cfa5375af6a7b"}, {"url": "https://git.kernel.org/stable/c/50545eb6cd5f7ff852a01fa29b7372524ef948cc"}, {"url": "https://git.kernel.org/stable/c/947c3f3d31ea185ddc8e7f198873f17d36deb24c"}, {"url": "https://git.kernel.org/stable/c/847b68f58c212f0439c5a8101b3841f32caffccd"}, {"url": "https://git.kernel.org/stable/c/aaab47f204aaf47838241d57bf8662c8840de60a"}], "title": "fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52641", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-03T18:10:30.808212Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:12.912Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.366Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ee8db6475cb15c8122855f72ad4cfa5375af6a7b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/50545eb6cd5f7ff852a01fa29b7372524ef948cc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/947c3f3d31ea185ddc8e7f198873f17d36deb24c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/847b68f58c212f0439c5a8101b3841f32caffccd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aaab47f204aaf47838241d57bf8662c8840de60a", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ee8db6475cb15c8122855f72ad4cfa5375af6a7b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/50545eb6cd5f7ff852a01fa29b7372524ef948cc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/947c3f3d31ea185ddc8e7f198873f17d36deb24c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/847b68f58c212f0439c5a8101b3841f32caffccd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aaab47f204aaf47838241d57bf8662c8840de60a", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.366Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52641", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-03T18:10:30.808212Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:21.752Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "ee8db6475cb15c8122855f72ad4cfa5375af6a7b", "versionType": "git"}, {"status": "affected", "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "50545eb6cd5f7ff852a01fa29b7372524ef948cc", "versionType": "git"}, {"status": "affected", "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "947c3f3d31ea185ddc8e7f198873f17d36deb24c", "versionType": "git"}, {"status": "affected", "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "847b68f58c212f0439c5a8101b3841f32caffccd", "versionType": "git"}, {"status": "affected", "version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "aaab47f204aaf47838241d57bf8662c8840de60a", "versionType": "git"}], "programFiles": ["fs/ntfs3/attrib.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.15"}, {"status": "unaffected", "version": "0", "lessThan": "5.15", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.150", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.80", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.19", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.7", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/ntfs3/attrib.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/ee8db6475cb15c8122855f72ad4cfa5375af6a7b"}, {"url": "https://git.kernel.org/stable/c/50545eb6cd5f7ff852a01fa29b7372524ef948cc"}, {"url": "https://git.kernel.org/stable/c/947c3f3d31ea185ddc8e7f198873f17d36deb24c"}, {"url": "https://git.kernel.org/stable/c/847b68f58c212f0439c5a8101b3841f32caffccd"}, {"url": "https://git.kernel.org/stable/c/aaab47f204aaf47838241d57bf8662c8840de60a"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()\n\nIt is preferable to exit through the out: label because\ninternal debugging functions are located there."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.150", "versionStartIncluding": "5.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.80", "versionStartIncluding": "5.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.19", "versionStartIncluding": "5.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.7", "versionStartIncluding": "5.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8", "versionStartIncluding": "5.15"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:40:35.468Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52641", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:40:35.468Z", "dateReserved": "2024-03-06T09:52:12.093Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-03T17:00:16.041Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A7524E0-82D9-422E-BD7A-99C27CD188A5", "versionEndExcluding": "5.15.150", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA7850CE-97C9-4408-A348-6173296BCA2B", "versionEndExcluding": "6.1.80", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D82004C-B2AE-4048-9344-32EFF65953B0", "versionEndExcluding": "6.6.19", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "575EE16B-67F2-4B5B-B5F8-1877715C898B", "versionEndExcluding": "6.7.7", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()\n\nIt is preferable to exit through the out: label because\ninternal debugging functions are located there."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Agregar verificaci\u00f3n de desreferencia de ptr NULL al final de attr_allocate_frame() Es preferible salir por la etiqueta out: porque las funciones de depuraci\u00f3n interna se encuentran all\u00ed."}], "id": "CVE-2023-52641", "lastModified": "2025-01-07T20:18:38.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-04-03T17:15:47.470", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/50545eb6cd5f7ff852a01fa29b7372524ef948cc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/847b68f58c212f0439c5a8101b3841f32caffccd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/947c3f3d31ea185ddc8e7f198873f17d36deb24c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aaab47f204aaf47838241d57bf8662c8840de60a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ee8db6475cb15c8122855f72ad4cfa5375af6a7b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/50545eb6cd5f7ff852a01fa29b7372524ef948cc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/847b68f58c212f0439c5a8101b3841f32caffccd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/947c3f3d31ea185ddc8e7f198873f17d36deb24c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aaab47f204aaf47838241d57bf8662c8840de60a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ee8db6475cb15c8122855f72ad4cfa5375af6a7b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()", "id": "2273087", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273087"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()\nIt is preferable to exit through the out: label because\ninternal debugging functions are located there.", "A vulnerability was found in the Linux kernel's NTFS3 filesystem (fs/ntfs3) involving a NULL pointer dereference in the attr_allocate_frame() function. This issue could cause system crashes or undefined behavior if a NULL pointer is encountered."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52641", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52641\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52641\nhttps://lore.kernel.org/linux-cve-announce/2024040357-CVE-2023-52641-1c18@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}