vulnerability
Ubuntu: (CVE-2023-45896): linux-nvidia-6.5 vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:L/Au:S/C:C/I:N/A:C) | Aug 28, 2024 | Nov 19, 2024 | Aug 18, 2025 |
Severity
6
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:C)
Published
Aug 28, 2024
Added
Nov 19, 2024
Modified
Aug 18, 2025
Description
ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image.
Solution
ubuntu-upgrade-linux-nvidia-6-5
References
- CVE-2023-45896
- https://attackerkb.com/topics/CVE-2023-45896
- CWE-276
- URL-https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.11
- URL-https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
- URL-https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=013ff63b649475f0ee134e2c8d0c8e65284ede50
- URL-https://git.kernel.org/linus/013ff63b649475f0ee134e2c8d0c8e65284ede50
- URL-https://github.com/torvalds/linux/commit/013ff63b649475f0ee134e2c8d0c8e65284ede50
- URL-https://www.cve.org/CVERecord?id=CVE-2023-45896
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.