Null Pointer Dereference in Linux Kernel due to Overlay Filesystem Permission Check
CVE-2023-53260

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
15 September 2025

What is CVE-2023-53260?

A null pointer dereference vulnerability exists in the overlay filesystem of the Linux kernel, specifically within the permission checking routine. This can occur when a race condition leads to a situation where the required real inode is not correctly retrieved, causing the kernel to dereference a null pointer. Exploitation may lead to system instability or crashes during file permission checks, emphasizing the importance of applying security patches provided by vendors to mitigate potential risks.

Affected Version(s)

Linux 4b7791b2e95805eaa9568761741d33cf929c930c < 53dd2ca2c02fdcfe3aad2345091d371063f97d17

Linux 4b7791b2e95805eaa9568761741d33cf929c930c < 69f9ae7edf9ec0ff500429101923347fcba5c8c4

Linux 4b7791b2e95805eaa9568761741d33cf929c930c < 1a73f5b8f079fd42a544c1600beface50c63af7c

References

https://git.kernel.org/stable/c/53dd2ca2c02fdcfe3aad23450...
https://git.kernel.org/stable/c/69f9ae7edf9ec0ff500429101...
https://git.kernel.org/stable/c/1a73f5b8f079fd42a544c1600...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-53260 : Null Pointer Dereference in Linux Kernel due to Overlay Filesystem Permission Check