CVE-2023-54063

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> fs/ntfs3: Fix OOB read in indx_insert_into_buffer<br /> <br /> Syzbot reported a OOB read bug:<br /> <br /> BUG: KASAN: slab-out-of-bounds in indx_insert_into_buffer+0xaa3/0x13b0<br /> fs/ntfs3/index.c:1755<br /> Read of size 17168 at addr ffff8880255e06c0 by task syz-executor308/3630<br /> <br /> Call Trace:<br /> <br /> memmove+0x25/0x60 mm/kasan/shadow.c:54<br /> indx_insert_into_buffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755<br /> indx_insert_entry+0x446/0x6b0 fs/ntfs3/index.c:1863<br /> ntfs_create_inode+0x1d3f/0x35c0 fs/ntfs3/inode.c:1548<br /> ntfs_create+0x3e/0x60 fs/ntfs3/namei.c:100<br /> lookup_open fs/namei.c:3413 [inline]<br /> <br /> If the member struct INDEX_BUFFER *index of struct indx_node is<br /> incorrect, that is, the value of __le32 used is greater than the value<br /> of __le32 total in struct INDEX_HDR. Therefore, OOB read occurs when<br /> memmove is called in indx_insert_into_buffer().<br /> Fix this by adding a check in hdr_find_e().