{
  "affected": [
    {
      "ecosystem_specific": {
        "urgency": "not yet assigned"
      },
      "package": {
        "ecosystem": "Debian:12",
        "name": "linux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.1.37-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "ecosystem_specific": {
        "urgency": "not yet assigned"
      },
      "package": {
        "ecosystem": "Debian:13",
        "name": "linux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.7-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "ecosystem_specific": {
        "urgency": "not yet assigned"
      },
      "package": {
        "ecosystem": "Debian:14",
        "name": "linux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.7-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "In the Linux kernel, the following vulnerability has been resolved:  fs/ntfs3: Fix null-ptr-deref on inode-\u003ei_op in ntfs_lookup()  Syzbot reported a null-ptr-deref bug:  ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) ntfs3: loop0: Mark volume as dirty due to NTFS errors general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline] RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796 Call Trace:  \u003cTASK\u003e  d_splice_alias+0x122/0x3b0 fs/dcache.c:3191  lookup_open fs/namei.c:3391 [inline]  open_last_lookups fs/namei.c:3481 [inline]  path_openat+0x10e6/0x2df0 fs/namei.c:3688  do_filp_open+0x264/0x4f0 fs/namei.c:3718  do_sys_openat2+0x124/0x4e0 fs/open.c:1310  do_sys_open fs/open.c:1326 [inline]  __do_sys_open fs/open.c:1334 [inline]  __se_sys_open fs/open.c:1330 [inline]  __x64_sys_open+0x221/0x270 fs/open.c:1330  do_syscall_x64 arch/x86/entry/common.c:50 [inline]  do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80  entry_SYSCALL_64_after_hwframe+0x63/0xcd  If the MFT record of ntfs inode is not a base record, inode-\u003ei_op can be NULL. And a null-ptr-deref may happen:  ntfs_lookup()     dir_search_u() # inode-\u003ei_op is set to NULL     d_splice_alias()         __d_add()             d_flags_for_inode() # inode-\u003ei_op-\u003eget_link null-ptr-deref  Fix this by adding a Check on inode-\u003ei_op before calling the d_splice_alias() function.",
  "id": "DEBIAN-CVE-2023-53294",
  "modified": "2026-04-28T19:53:40.657108520Z",
  "published": "2025-09-16T08:15:38.683Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://security-tracker.debian.org/tracker/CVE-2023-53294"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "upstream": [
    "CVE-2023-53294"
  ]
}