First published: Wed Oct 04 2023
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on an msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
Credit: secteam@freebsd.org
Affected Software | Affected Version | How to fix |
---|---|---|
FreeBSD FreeBSD | <12.4 | |
FreeBSD FreeBSD | >=13.0, <13.2 | |
FreeBSD FreeBSD | =12.4 | |
FreeBSD FreeBSD | =12.4-p1 | |
FreeBSD FreeBSD | =12.4-p2 | |
FreeBSD FreeBSD | =12.4-p3 | |
FreeBSD FreeBSD | =12.4-p4 | |
FreeBSD FreeBSD | =12.4-p5 | |
FreeBSD FreeBSD | =13.2 | |
FreeBSD FreeBSD | =13.2-p1 | |
FreeBSD FreeBSD | =13.2-p2 | |
FreeBSD FreeBSD | =13.2-p3 | |
CVE-2023-5368 is a vulnerability that affects the msdosfs filesystem in FreeBSD.
CVE-2023-5368 has a severity rating of 6.5 (medium).
CVE-2023-5368 allows a user with write access to files on an msdosfs filesystem to read unallocated data from the underlying disk device.
FreeBSD versions 12.4 and 13.0 to 13.2 are affected by CVE-2023-5368.
To fix CVE-2023-5368, update your FreeBSD system to version 12.4-p6, 13.2-p4, or later.
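For fleet checks, the affected ranges and fixed patch levels listed above can be encoded as a small classifier. This is an added example, not code from FreeBSD or from this page; the function name `cve_2023_5368_status` is hypothetical, the input is assumed to be a `freebsd-version`-style string such as `13.2-RELEASE-p3`, and "or later" is read as covering every version after the fixed patch levels.

```shell
#!/bin/sh
# Added example: classify a FreeBSD version string against CVE-2023-5368.
# Ranges come from this page: affected <12.4, 12.4 to 12.4-p5, 13.0 to 13.2-p3;
# fixed in 12.4-p6, 13.2-p4, or later (assumption: anything later is fixed).

# Prints "affected", "fixed" or "unparsed" for one version string.
cve_2023_5368_status() {
    ver=$1
    rel=${ver%%-*}                        # "13.2-RELEASE-p3" -> "13.2"
    case $rel in
        *.*) ;;
        *)   echo unparsed; return 0 ;;   # no major.minor present
    esac
    major=${rel%%.*}
    minor=${rel#*.}
    case $ver in
        *-p[0-9]*) patch=${ver##*-p} ;;   # trailing patch level
        *)         patch=0 ;;             # no -pN suffix means patch level 0
    esac
    # Refuse to guess when any component is not a plain number.
    for n in "$major" "$minor" "$patch"; do
        case $n in
            ''|*[!0-9]*) echo unparsed; return 0 ;;
        esac
    done
    if [ "$major" -lt 12 ]; then
        echo affected
    elif [ "$major" -eq 12 ] && [ "$minor" -lt 4 ]; then
        echo affected
    elif [ "$major" -eq 12 ] && [ "$minor" -eq 4 ] && [ "$patch" -lt 6 ]; then
        echo affected
    elif [ "$major" -eq 13 ] && [ "$minor" -lt 2 ]; then
        echo affected
    elif [ "$major" -eq 13 ] && [ "$minor" -eq 2 ] && [ "$patch" -lt 4 ]; then
        echo affected
    else
        echo fixed
    fi
}

# Constructed sample inputs (not taken from any real host).
for v in 11.4-RELEASE-p2 12.4-RELEASE-p5 12.4-RELEASE-p6 13.1-RELEASE 13.2-RELEASE-p4; do
    printf '%s\t%s\n' "$v" "$(cve_2023_5368_status "$v")"
done
```

msdosfs is kernel code, so on a live host pass the running kernel's version, `cve_2023_5368_status "$(freebsd-version -r)"`, rather than the userland version; an updated system that has not been rebooted still runs the old kernel.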