CVE-2023-45896

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-45896
ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.11
https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=013ff63b649475f0ee134e2c8d0c8e65284ede50
https://github.com/torvalds/linux/commit/013ff63b649475f0ee134e2c8d0c8e65284ede50
Configurations

No configuration.

History

01 Nov 2024, 08:35

Type Values Removed Values Added
CWE CWE-276
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.1

04 Sep 2024, 15:15

Type Values Removed Values Added
Summary (en) ntfs3 in the Linux kernel before 6.5.11 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image. (en) ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image.

28 Aug 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) ntfs3 en el kernel de Linux anterior a 6.5.11 permite a un atacante físicamente próximo leer la memoria del kernel montando un sistema de archivos (por ejemplo, si una distribución de Linux está configurada para permitir montajes sin privilegios de medios extraíbles) y luego aprovechar el acceso local para activar una lectura fuera de los límites. Un valor de longitud puede ser mayor que la cantidad de memoria asignada. NOTA: la perspectiva del proveedor es que no hay vulnerabilidad cuando un ataque requiere una imagen del sistema de archivos modificada por el atacante.

28 Aug 2024, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-28 05:15

Updated : 2024-11-01 08:35

NVD link : CVE-2023-45896

Mitre link : CVE-2023-45896

CVE.ORG link : CVE-2023-45896

JSON object : View

Products Affected

No product.

CWE
CWE-276

Incorrect Default Permissions


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024