CVE-2023-53294

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> fs/ntfs3: Fix null-ptr-deref on inode-&gt;i_op in ntfs_lookup()<br /> <br /> Syzbot reported a null-ptr-deref bug:<br /> <br /> ntfs3: loop0: Different NTFS&amp;#39; sector size (1024) and media sector size<br /> (512)<br /> ntfs3: loop0: Mark volume as dirty due to NTFS errors<br /> general protection fault, probably for non-canonical address<br /> 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN<br /> KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]<br /> RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]<br /> RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796<br /> Call Trace:<br /> <br /> d_splice_alias+0x122/0x3b0 fs/dcache.c:3191<br /> lookup_open fs/namei.c:3391 [inline]<br /> open_last_lookups fs/namei.c:3481 [inline]<br /> path_openat+0x10e6/0x2df0 fs/namei.c:3688<br /> do_filp_open+0x264/0x4f0 fs/namei.c:3718<br /> do_sys_openat2+0x124/0x4e0 fs/open.c:1310<br /> do_sys_open fs/open.c:1326 [inline]<br /> __do_sys_open fs/open.c:1334 [inline]<br /> __se_sys_open fs/open.c:1330 [inline]<br /> __x64_sys_open+0x221/0x270 fs/open.c:1330<br /> do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br /> do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> If the MFT record of ntfs inode is not a base record, inode-&gt;i_op can be<br /> NULL. And a null-ptr-deref may happen:<br /> <br /> ntfs_lookup()<br /> dir_search_u() # inode-&gt;i_op is set to NULL<br /> d_splice_alias()<br /> __d_add()<br /> d_flags_for_inode() # inode-&gt;i_op-&gt;get_link null-ptr-deref<br /> <br /> Fix this by adding a Check on inode-&gt;i_op before calling the<br /> d_splice_alias() function.