CVE-2023-53988
Description
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
Here is a BUG report from syzbot:
BUG: KASAN: slab-out-of-bounds in hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806
Read of size 16842960 at addr ffff888079cc0600 by task syz-executor934/3631

Call Trace:
 memmove+0x25/0x60 mm/kasan/shadow.c:54
 hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806
 indx_delete_entry+0x74f/0x3670 fs/ntfs3/index.c:2193
 ni_remove_name+0x27a/0x980 fs/ntfs3/frecord.c:2910
 ntfs_unlink_inode+0x3d4/0x720 fs/ntfs3/inode.c:1712
 ntfs_rename+0x41a/0xcb0 fs/ntfs3/namei.c:276
Before using the meta-data in struct INDEX_HDR, we need to check whether the index header is valid. Otherwise, the corrupted (or malicious) fs image can cause an out-of-bounds access, which could make the kernel panic.
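The check the description calls for, as an added example (not the kernel's code and not the fix commit): a simplified userspace model of a delete-entry routine that validates the header's self-described sizes against the real buffer length before calling `memmove`. The names `idx_hdr`, `idx_de`, `hdr_valid`, `idx_delete` and `make_sample`, and the field layout, are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Simplified userspace model (host-endian). Names and layout are
 * assumptions for illustration, not the kernel's definitions. */
struct idx_hdr { uint32_t de_off, used, total; }; /* offsets count from header */
struct idx_de  { uint16_t size, key_size; };      /* fixed prefix of an entry */

/* The header describes itself; accept it only if it fits the real buffer. */
static int hdr_valid(const struct idx_hdr *h, size_t buf_len)
{
    return h->total <= buf_len && h->used <= h->total &&
           h->de_off >= sizeof(*h) &&
           (uint64_t)h->de_off + sizeof(struct idx_de) <= h->used;
}

/* Delete the entry at byte offset off. Returns 0, or -1 if input is rejected. */
int idx_delete(uint8_t *buf, size_t buf_len, uint32_t off)
{
    struct idx_hdr h;
    struct idx_de de;

    if (buf_len < sizeof(h))
        return -1;
    memcpy(&h, buf, sizeof(h));
    if (!hdr_valid(&h, buf_len))      /* header check before any use of 'used' */
        return -1;
    if (off < h.de_off || (uint64_t)off + sizeof(de) > h.used)
        return -1;
    memcpy(&de, buf + off, sizeof(de));
    if (de.size < sizeof(de) || (uint64_t)off + de.size > h.used)
        return -1;
    /* The tail length is now known to lie inside buf. */
    memmove(buf + off, buf + off + de.size, h.used - off - de.size);
    h.used -= de.size;
    memcpy(buf, &h, sizeof(h));
    return 0;
}

/* Constructed sample: 64-byte buffer holding a header and two 8-byte entries.
 * 'used' is caller-supplied so a corrupted value can be modelled. */
void make_sample(uint8_t *buf, uint32_t used)
{
    struct idx_hdr h = { (uint32_t)sizeof(h), used, 64 };
    struct idx_de a = { 8, 1 }, b = { 8, 2 };

    memset(buf, 0, 64);
    memcpy(buf, &h, sizeof(h));
    memcpy(buf + 12, &a, sizeof(a));
    memcpy(buf + 20, &b, sizeof(b));
}
```

Without the `hdr_valid` call, a `used` value far larger than the buffer would flow straight into the `memmove` length, which is the oversized read KASAN reports above.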
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Linux kernel's ntfs3 driver has a slab-out-of-bounds read in hdr_delete_de() that can be triggered by a crafted NTFS image, causing a kernel panic.
Vulnerability
The ntfs3 filesystem driver in the Linux kernel contains a slab-out-of-bounds read vulnerability in the hdr_delete_de() function (fs/ntfs3/index.c). The bug occurs when processing a corrupted or malicious NTFS image that provides invalid metadata in the index header [1].
Exploitation
An attacker with the ability to mount a specially crafted NTFS filesystem can trigger the vulnerability by performing file operations such as unlink or rename (e.g., ntfs_unlink_inode, ntfs_rename). No special privileges are required beyond the ability to mount a filesystem [1].
Impact
The out-of-bounds read, reported by KASAN, can read up to 16842960 bytes beyond allocated memory, leading to a kernel panic and denial of service [1].
Mitigation
Patches have been applied to the stable Linux kernel branches [1][2]. Users should update their kernels to include the fix, which adds validation of the index header before use.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (5)
- c58ea97aa94f
- 9163a5b4ed29
- 114204d25e1d
- 4a034ece7e28
- ab84eee4c7ab
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (5)
- git.kernel.org/stable/c/114204d25e1dffdd3a0c1cfbba219afd344f4b4f (nvd)
- git.kernel.org/stable/c/4a034ece7e2877673d9085d6e7ed45e6ee40b761 (nvd)
- git.kernel.org/stable/c/9163a5b4ed290da4a7d23fa92533e0e81fd0166e (nvd)
- git.kernel.org/stable/c/ab84eee4c7ab929996602eda7832854c35a6dda2 (nvd)
- git.kernel.org/stable/c/c58ea97aa94f033ee64a8cb6587d84a9849b6216 (nvd)