CVE-2023-54272 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a possible null-pointer dereference in ni_clear() In a previous commit c1006bd13146, ni->mi.mrec in ni_write_inode() could be NULL, and thus a NULL check is added for this variable. However, in the same call stack, ni->mi.mrec can be also dereferenced in ni_clear(): ntfs_evict_inode(inode) ni_write_inode(inode, ...) ni = ntfs_i(inode); is_rec_inuse(ni->mi.mrec) -> Add a NULL check by previous commit ni_clear(ntfs_i(inode)) is_rec_inuse(ni->mi.mrec) -> No check Thus, a possible null-pointer dereference may exist in ni_clear(). To fix it, a NULL check is added in this function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/20f9bfc664d6a478f9a5bbc0c380f80f7a1a06c6
https://git.kernel.org/stable/c/39c6312009574ca73865354133ca222e7753a71b
https://git.kernel.org/stable/c/e7675f85a92233136c630000a0b7cf97826705da
https://git.kernel.org/stable/c/ec275bf9693d19cc0fdce8436f4c425ced86f6e7

History

Tue, 30 Dec 2025 12:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a possible null-pointer dereference in ni_clear() In a previous commit c1006bd13146, ni->mi.mrec in ni_write_inode() could be NULL, and thus a NULL check is added for this variable. However, in the same call stack, ni->mi.mrec can be also dereferenced in ni_clear(): ntfs_evict_inode(inode) ni_write_inode(inode, ...) ni = ntfs_i(inode); is_rec_inuse(ni->mi.mrec) -> Add a NULL check by previous commit ni_clear(ntfs_i(inode)) is_rec_inuse(ni->mi.mrec) -> No check Thus, a possible null-pointer dereference may exist in ni_clear(). To fix it, a NULL check is added in this function.
Title		fs/ntfs3: Fix a possible null-pointer dereference in ni_clear()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/20f9bfc664d6a478f9a5bbc0c380f80f7a1a06c6 https://git.kernel.org/stable/c/39c6312009574ca73865354133ca222e7753a71b https://git.kernel.org/stable/c/e7675f85a92233136c630000a0b7cf97826705da https://git.kernel.org/stable/c/ec275bf9693d19cc0fdce8436f4c425ced86f6e7

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-30T12:16:02.335Z

Updated: 2025-12-30T12:16:02.335Z

Reserved: 2025-12-30T12:06:44.522Z

Link: CVE-2023-54272

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-30T13:16:16.110

Modified: 2025-12-30T13:16:16.110

Link: CVE-2023-54272

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object