VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 22, 2025· Updated Apr 15, 2026

CVE-2023-53732

CVE-2023-53732

Description

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix NULL dereference in ni_write_inode

Syzbot reports a NULL dereference in ni_write_inode. When creating a new inode, if allocation fails in mi_init function (called in mi_format_new function), mi->mrec is set to NULL. In the error path of this inode creation, mi->mrec is later dereferenced in ni_write_inode.

Add a NULL check to prevent NULL dereference.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in the Linux kernel's ntfs3 filesystem driver (ni_write_inode) can be triggered during inode creation failure, leading to a system crash.

Vulnerability

In the ntfs3 filesystem driver, when creating a new inode, if memory allocation fails in the mi_init function (called via mi_format_new), the mi->mrec pointer is set to NULL. In the error path of inode creation, ni_write_inode is called and dereferences mi->mrec without a NULL check, causing a NULL pointer dereference [1].

Exploitation

The vulnerability is triggered by a local user or process that can trigger inode creation on an ntfs3 filesystem, such as mounting a crafted NTFS volume and performing operations that cause allocation failure. No special privileges beyond the ability to mount and access the filesystem are required. The attack surface is local, requiring physical or remote access to the system with the ability to mount a malicious NTFS image.

Impact

A successful exploit results in a kernel NULL pointer dereference, leading to a system crash (denial of service). The vulnerability does not appear to allow privilege escalation or code execution, as it is a NULL dereference that typically causes an oops.

Mitigation

The fix adds a NULL check in ni_write_inode to prevent the dereference. The patch was applied to the Linux kernel mainline and backported to stable branches [1][2][3][4]. Users should update their kernel to a version containing the fix.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!
  4. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

4
d4b744825295
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
b3152afc0eb8
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
b1135fbaf8eb
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
8dae4f6341e3
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.