CVE-2023-45896

Published: Aug 28, 2024

Modified: Nov 3, 2025

PUBLISHED

Description

ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.11

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=013ff63b649475f0ee134e2c8d0c8e65284ede50

https://github.com/torvalds/linux/commit/013ff63b649475f0ee134e2c8d0c8e65284ede50

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-45896

Description

Affected Products

References