{"id":"CVE-2023-53328","summary":"fs/ntfs3: Enhance sanity check while generating attr_list","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Enhance sanity check while generating attr_list\n\nni_create_attr_list uses WARN_ON to catch error cases while generating\nattribute list, which only prints out stack trace and may not be enough.\nThis repalces them with more proper error handling flow.\n\n[   59.666332] BUG: kernel NULL pointer dereference, address: 000000000000000e\n[   59.673268] #PF: supervisor read access in kernel mode\n[   59.678354] #PF: error_code(0x0000) - not-present page\n[   59.682831] PGD 8000000005ff1067 P4D 8000000005ff1067 PUD 7dee067 PMD 0\n[   59.688556] Oops: 0000 [#1] PREEMPT SMP KASAN PTI\n[   59.692642] CPU: 0 PID: 198 Comm: poc Tainted: G    B   W          6.2.0-rc1+ #4\n[   59.698868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[   59.708795] RIP: 0010:ni_create_attr_list+0x505/0x860\n[   59.713657] Code: 7e 10 e8 5e d0 d0 ff 45 0f b7 76 10 48 8d 7b 16 e8 00 d1 d0 ff 66 44 89 73 16 4d 8d 75 0e 4c 89 f7 e8 3f d0 d0 ff 4c 8d8\n[   59.731559] RSP: 0018:ffff88800a56f1e0 EFLAGS: 00010282\n[   59.735691] RAX: 0000000000000001 RBX: ffff88800b7b5088 RCX: ffffffffb83079fe\n[   59.741792] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffbb7f9fc0\n[   59.748423] RBP: ffff88800a56f3a8 R08: ffff88800b7b50a0 R09: fffffbfff76ff3f9\n[   59.754654] R10: ffffffffbb7f9fc7 R11: fffffbfff76ff3f8 R12: ffff88800b756180\n[   59.761552] R13: 0000000000000000 R14: 000000000000000e R15: 0000000000000050\n[   59.768323] FS:  00007feaa8c96440(0000) GS:ffff88806d400000(0000) knlGS:0000000000000000\n[   59.776027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   59.781395] CR2: 00007f3a2e0b1000 CR3: 000000000a5bc000 CR4: 00000000000006f0\n[   59.787607] Call Trace:\n[   59.790271]  \u003cTASK\u003e\n[   59.792488]  ? __pfx_ni_create_attr_list+0x10/0x10\n[   59.797235]  ? kernel_text_address+0xd3/0xe0\n[   59.800856]  ? unwind_get_return_address+0x3e/0x60\n[   59.805101]  ? __kasan_check_write+0x18/0x20\n[   59.809296]  ? preempt_count_sub+0x1c/0xd0\n[   59.813421]  ni_ins_attr_ext+0x52c/0x5c0\n[   59.817034]  ? __pfx_ni_ins_attr_ext+0x10/0x10\n[   59.821926]  ? __vfs_setxattr+0x121/0x170\n[   59.825718]  ? __vfs_setxattr_noperm+0x97/0x300\n[   59.829562]  ? __vfs_setxattr_locked+0x145/0x170\n[   59.833987]  ? vfs_setxattr+0x137/0x2a0\n[   59.836732]  ? do_setxattr+0xce/0x150\n[   59.839807]  ? setxattr+0x126/0x140\n[   59.842353]  ? path_setxattr+0x164/0x180\n[   59.845275]  ? __x64_sys_setxattr+0x71/0x90\n[   59.848838]  ? do_syscall_64+0x3f/0x90\n[   59.851898]  ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n[   59.857046]  ? stack_depot_save+0x17/0x20\n[   59.860299]  ni_insert_attr+0x1ba/0x420\n[   59.863104]  ? __pfx_ni_insert_attr+0x10/0x10\n[   59.867069]  ? preempt_count_sub+0x1c/0xd0\n[   59.869897]  ? _raw_spin_unlock_irqrestore+0x2b/0x50\n[   59.874088]  ? __create_object+0x3ae/0x5d0\n[   59.877865]  ni_insert_resident+0xc4/0x1c0\n[   59.881430]  ? __pfx_ni_insert_resident+0x10/0x10\n[   59.886355]  ? kasan_save_alloc_info+0x1f/0x30\n[   59.891117]  ? __kasan_kmalloc+0x8b/0xa0\n[   59.894383]  ntfs_set_ea+0x90d/0xbf0\n[   59.897703]  ? __pfx_ntfs_set_ea+0x10/0x10\n[   59.901011]  ? kernel_text_address+0xd3/0xe0\n[   59.905308]  ? __kernel_text_address+0x16/0x50\n[   59.909811]  ? unwind_get_return_address+0x3e/0x60\n[   59.914898]  ? __pfx_stack_trace_consume_entry+0x10/0x10\n[   59.920250]  ? arch_stack_walk+0xa2/0x100\n[   59.924560]  ? filter_irq_stacks+0x27/0x80\n[   59.928722]  ntfs_setxattr+0x405/0x440\n[   59.932512]  ? __pfx_ntfs_setxattr+0x10/0x10\n[   59.936634]  ? kvmalloc_node+0x2d/0x120\n[   59.940378]  ? kasan_save_stack+0x41/0x60\n[   59.943870]  ? kasan_save_stack+0x2a/0x60\n[   59.947719]  ? kasan_set_track+0x29/0x40\n[   59.951417]  ? kasan_save_alloc_info+0x1f/0x30\n[   59.955733]  ? __kasan_kmalloc+0x8b/0xa0\n[   59.959598]  ? __kmalloc_node+0x68/0x150\n[   59.963163]  ? kvmalloc_node+0x2d/0x120\n[   59.966490]  ? vmemdup_user+0x2b/0xa0\n---truncated---","modified":"2026-04-02T09:44:00.566252Z","published":"2025-09-16T16:12:04.352Z","related":["SUSE-SU-2025:03600-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53328.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/4246bbef0442f4a1e974df0ab091f4f33ac69451"},{"type":"WEB","url":"https://git.kernel.org/stable/c/64fab8bce5237ca225ee1ec9dff5cc8c31b0631f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e7799bb4dbe26bfb665f29ea87981708fd6012d8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fdec309c7672cbee4dc0229ee4cbb33c948a1bdd"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53328.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53328"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4534a70b7056fd4b9a1c6db5a4ce3c98546b291e"},{"fixed":"e7799bb4dbe26bfb665f29ea87981708fd6012d8"},{"fixed":"4246bbef0442f4a1e974df0ab091f4f33ac69451"},{"fixed":"64fab8bce5237ca225ee1ec9dff5cc8c31b0631f"},{"fixed":"fdec309c7672cbee4dc0229ee4cbb33c948a1bdd"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53328.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}