{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53260","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-15T14:19:21.850Z","datePublished":"2025-09-15T14:46:31.919Z","dateUpdated":"2026-05-11T19:41:21.024Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:41:21.024Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix null pointer dereference in ovl_permission()\n\nFollowing process:\n          P1                     P2\n path_lookupat\n  link_path_walk\n   inode_permission\n    ovl_permission\n      ovl_i_path_real(inode, &realpath)\n        path->dentry = ovl_i_dentry_upper(inode)\n                          drop_cache\n\t\t\t   __dentry_kill(ovl_dentry)\n\t\t            iput(ovl_inode)\n\t\t             ovl_destroy_inode(ovl_inode)\n\t\t              dput(oi->__upperdentry)\n\t\t               dentry_kill(upperdentry)\n\t\t                dentry_unlink_inode\n\t\t\t\t upperdentry->d_inode = NULL\n      realinode = d_inode(realpath.dentry) // return NULL\n      inode_permission(realinode)\n       inode->i_sb  // NULL pointer dereference\n, will trigger an null pointer dereference at realinode:\n  [  335.664979] BUG: kernel NULL pointer dereference,\n                 address: 0000000000000002\n  [  335.668032] CPU: 0 PID: 2592 Comm: ls Not tainted 6.3.0\n  [  335.669956] RIP: 0010:inode_permission+0x33/0x2c0\n  [  335.678939] Call Trace:\n  [  335.679165]  <TASK>\n  [  335.679371]  ovl_permission+0xde/0x320\n  [  335.679723]  inode_permission+0x15e/0x2c0\n  [  335.680090]  link_path_walk+0x115/0x550\n  [  335.680771]  path_lookupat.isra.0+0xb2/0x200\n  [  335.681170]  filename_lookup+0xda/0x240\n  [  335.681922]  vfs_statx+0xa6/0x1f0\n  [  335.682233]  vfs_fstatat+0x7b/0xb0\n\nFetch a reproducer in [Link].\n\nUse the helper ovl_i_path_realinode() to get realinode and then do\nnon-nullptr checking."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/overlayfs/inode.c"],"versions":[{"version":"4b7791b2e95805eaa9568761741d33cf929c930c","lessThan":"53dd2ca2c02fdcfe3aad2345091d371063f97d17","status":"affected","versionType":"git"},{"version":"4b7791b2e95805eaa9568761741d33cf929c930c","lessThan":"69f9ae7edf9ec0ff500429101923347fcba5c8c4","status":"affected","versionType":"git"},{"version":"4b7791b2e95805eaa9568761741d33cf929c930c","lessThan":"1a73f5b8f079fd42a544c1600beface50c63af7c","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/overlayfs/inode.c"],"versions":[{"version":"5.19","status":"affected"},{"version":"0","lessThan":"5.19","status":"unaffected","versionType":"semver"},{"version":"6.1.43","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.4.4","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.1.43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.4.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/53dd2ca2c02fdcfe3aad2345091d371063f97d17"},{"url":"https://git.kernel.org/stable/c/69f9ae7edf9ec0ff500429101923347fcba5c8c4"},{"url":"https://git.kernel.org/stable/c/1a73f5b8f079fd42a544c1600beface50c63af7c"}],"title":"ovl: fix null pointer dereference in ovl_permission()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-53260","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-01-14T18:02:35.668254Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T18:02:53.254Z"}}]}}