Null Pointer Dereference Vulnerability in Linux Kernel's NTFS Module

CVE-2023-53294

What is CVE-2023-53294?

A vulnerability exists in the NTFS module of the Linux kernel where a null pointer dereference can occur within the ntfs_lookup function if the Master File Table (MFT) record of an NTFS inode is not a base record. This situation can potentially lead to system instability or crashes when inode operations are performed improperly. The vulnerability arises during the handling of filesystem queries, particularly when the inode's operation pointer (i_op) is null. To mitigate this risk, a check has been introduced to ensure that inode->i_op is valid before proceeding with the execution of related functions, thus enhancing overall system security.

References