CVE-2023-26544: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-26544 is a vulnerability discovered in the Linux kernel version 6.0.8, specifically affecting the NTFS file system implementation. The vulnerability involves a use-after-free issue in the run_unpack function located in fs/ntfs3/run.c, which is related to a difference between NTFS sector size and media sector size (CVE Details, Ubuntu Security).

The vulnerability stems from a use-after-free condition in the rununpack function within the NTFS3 driver. The issue occurs when the kernel attempts to read and parse MFT from disk in ntfsreadmft(). During the enumeration of attributes in the record, the kernel fails to properly validate the runoff field loaded from the disk. This can lead to an invalid argument runbufsize in rununpackex(), potentially causing an integer overflow (SUSE Bugzilla, LKML). The vulnerability has been assigned a CVSS score of 7.8 (HIGH) with a vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NetApp Security).

Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). The vulnerability affects systems running the Linux kernel version 6.0.8 with the NTFS3 filesystem driver enabled (NetApp Security).

The vulnerability has been fixed in mainline kernel version 6.2+ and backported to many stable branches, including v6.0.17+. The fix involves adding sanity checks between the offset to packed runs and attribute size. The patch was authored by Hawkins Jiawei and committed by Konstantin Komarov (Kernel Commit).