Linux Kernel Vulnerability in NTFS3 Attribute List Generation
CVE-2023-53328

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 September 2025

What is CVE-2023-53328?

A vulnerability with the Linux kernel's NTFS3 module involves improper handling of errors while generating attribute lists. The function ni_create_attr_list, which previously utilized WARN_ON for logging issues, has been updated to enhance its error handling flow. This update aims to prevent potential crashes or undefined behavior linked to NULL pointer dereferences and to improve the overall robustness of the file system's operations, specifically during the handling of user-defined attributes.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4246bbef0442f4a1e974df0ab091f4f33ac69451

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 64fab8bce5237ca225ee1ec9dff5cc8c31b0631f

References

https://git.kernel.org/stable/c/e7799bb4dbe26bfb665f29ea8...

https://git.kernel.org/stable/c/4246bbef0442f4a1e974df0ab...

https://git.kernel.org/stable/c/64fab8bce5237ca225ee1ec9d...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Sep 16, 2025