CVE-2023-52641

Advisory lineage Upstream: 0 Downstream: 17

Downstream

DEBIAN-CVE-2023-52641 SUSE-SU-2024:2135-1 SUSE-SU-2024:2203-1 SUSE-SU-2024:2973-1 SUSE-SU-2025:20008-1 SUSE-SU-2025:20028-1

Analyzed

Published: 03 Apr 2024, 17:00

Last modified:11 May 2026, 19:30

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.03% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

03 Apr 2024, 17:00

Published

Vulnerability first disclosed

11 May 2026, 19:30

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() It is preferable to exit through the out: label because internal debugging functions are located there.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.03%• Percentile: 9%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

linux•linux
≥ 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e, < ee8db6475cb15c8122855f72ad4cfa5375af6a7b | ≥ 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e, < 50545eb6cd5f7ff852a01fa29b7372524ef948cc | ≥ 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e, < 947c3f3d31ea185ddc8e7f198873f17d36deb24c | ≥ 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e, < 847b68f58c212f0439c5a8101b3841f32caffccd | ≥ 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e, < aaab47f204aaf47838241d57bf8662c8840de60a | 5.15
linux•linux_kernel
< 5.15.150 | ≥ 5.16, < 6.1.80 | ≥ 6.2, < 6.6.19 | ≥ 6.7, < 6.7.7 | 6.8:rc1 | 6.8:rc2 | 6.8:rc3