{"id":"CVE-2023-53260","summary":"ovl: fix null pointer dereference in ovl_permission()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix null pointer dereference in ovl_permission()\n\nFollowing process:\n          P1                     P2\n path_lookupat\n  link_path_walk\n   inode_permission\n    ovl_permission\n      ovl_i_path_real(inode, &realpath)\n        path-\u003edentry = ovl_i_dentry_upper(inode)\n                          drop_cache\n\t\t\t   __dentry_kill(ovl_dentry)\n\t\t            iput(ovl_inode)\n\t\t             ovl_destroy_inode(ovl_inode)\n\t\t              dput(oi-\u003e__upperdentry)\n\t\t               dentry_kill(upperdentry)\n\t\t                dentry_unlink_inode\n\t\t\t\t upperdentry-\u003ed_inode = NULL\n      realinode = d_inode(realpath.dentry) // return NULL\n      inode_permission(realinode)\n       inode-\u003ei_sb  // NULL pointer dereference\n, will trigger an null pointer dereference at realinode:\n  [  335.664979] BUG: kernel NULL pointer dereference,\n                 address: 0000000000000002\n  [  335.668032] CPU: 0 PID: 2592 Comm: ls Not tainted 6.3.0\n  [  335.669956] RIP: 0010:inode_permission+0x33/0x2c0\n  [  335.678939] Call Trace:\n  [  335.679165]  \u003cTASK\u003e\n  [  335.679371]  ovl_permission+0xde/0x320\n  [  335.679723]  inode_permission+0x15e/0x2c0\n  [  335.680090]  link_path_walk+0x115/0x550\n  [  335.680771]  path_lookupat.isra.0+0xb2/0x200\n  [  335.681170]  filename_lookup+0xda/0x240\n  [  335.681922]  vfs_statx+0xa6/0x1f0\n  [  335.682233]  vfs_fstatat+0x7b/0xb0\n\nFetch a reproducer in [Link].\n\nUse the helper ovl_i_path_realinode() to get realinode and then do\nnon-nullptr checking.","modified":"2026-05-18T05:57:11.851873123Z","published":"2025-09-15T14:46:31.919Z","related":["SUSE-SU-2025:03600-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53260.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1a73f5b8f079fd42a544c1600beface50c63af7c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/53dd2ca2c02fdcfe3aad2345091d371063f97d17"},{"type":"WEB","url":"https://git.kernel.org/stable/c/69f9ae7edf9ec0ff500429101923347fcba5c8c4"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53260.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53260"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4b7791b2e95805eaa9568761741d33cf929c930c"},{"fixed":"53dd2ca2c02fdcfe3aad2345091d371063f97d17"},{"fixed":"69f9ae7edf9ec0ff500429101923347fcba5c8c4"},{"fixed":"1a73f5b8f079fd42a544c1600beface50c63af7c"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53260.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.19.0"},{"fixed":"6.1.43"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.4.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53260.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}