VYPR
Unrated severity · NVD Advisory · Published Dec 30, 2025 · Updated Apr 15, 2026

CVE-2023-54248

Description

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Add check for kmemdup

Since kmemdup may return a NULL pointer, it would be better to add a check for the return value in order to avoid a NULL pointer dereference.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel's NTFS3 filesystem driver, kmemdup return value is unchecked, leading to a potential NULL pointer dereference.

Vulnerability Overview

CVE-2023-54248 describes a missing return-value check in the Linux kernel's NTFS3 filesystem driver (fs/ntfs3). The function kmemdup is called without verifying that the returned pointer is non-NULL. If memory allocation fails, kmemdup returns NULL, and the subsequent use of that pointer will cause a NULL pointer dereference.

Exploitation and Impact

An attacker with the ability to trigger the vulnerable code path (e.g., by mounting a crafted NTFS volume) could cause a denial of service (system crash) via the NULL pointer dereference. No special privileges beyond the ability to mount filesystems are likely required.

Mitigation

The fix, committed to the Linux kernel stable branches, adds an explicit check for the return value of kmemdup, ensuring that if a NULL is returned, the operation is safely aborted before any dereference occurs [1][2][3]. Users should apply the relevant kernel update.
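The checked pattern described above, as an added userspace C example; it is not the kernel patch and not code from this advisory. `kmemdup_model`, `struct rec`, `rec_init`, `run_with_failure` and the fault injector are hypothetical names, and the input bytes are constructed.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

static int fail_at, dup_calls;  /* constructed fault injector: fail Nth call, 0 = never */
/* Userspace stand-in for kmemdup(): copy len bytes, NULL when allocation fails. */
static void *kmemdup_model(const void *src, size_t len)
{
    void *p;
    if (fail_at && ++dup_calls == fail_at)
        return NULL;                 /* simulated out-of-memory */
    p = malloc(len);
    if (p)
        memcpy(p, src, len);
    return p;
}

struct rec { unsigned char *name, *data; };   /* hypothetical structure */

/* Checked form: without the two NULL tests, the write to r->data[0]
 * would dereference NULL whenever a duplication fails. */
static int rec_init(struct rec *r, const void *name, size_t nlen,
                    const void *data, size_t dlen)
{
    r->name = kmemdup_model(name, nlen);
    if (!r->name)
        return -ENOMEM;
    r->data = kmemdup_model(data, dlen);
    if (!r->data) {
        free(r->name);               /* undo the first copy: no leak */
        r->name = NULL;              /* caller may free again safely */
        return -ENOMEM;
    }
    r->data[0] &= 0x7f;              /* first use of the copy */
    return 0;
}

/* Run rec_init on constructed input with the Nth duplication failing. */
int run_with_failure(int n)
{
    struct rec r = { NULL, NULL };
    int rc;
    fail_at = n; dup_calls = 0;
    rc = rec_init(&r, "vol", 4, "\xff\x01", 2);
    free(r.name);
    free(r.data);
    return rc;
}

int main(void) { return run_with_failure(2) == -ENOMEM ? 0 : 1; }
```

Failing the second duplication exercises the cleanup branch, which is where a fix that only adds the NULL test can still leak the first buffer.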

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 5

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 5
