FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- msdosfs data disclosure

Affected packages
13.2 <= FreeBSD-kernel < 13.2_4
12.4 <= FreeBSD-kernel < 12.4_6

Details

VuXML ID fefcd340-624f-11ee-8e38-002590c1f29c
Discovery 2023-10-03
Entry 2023-10-04

Problem Description:

In certain cases using the truncate or ftruncate system call to extend a file size populates the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.

Impact:

A user with write access to files on a msdosfs file system may be able to read unintended data (for example, from a previously deleted file).
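
An added example, not part of the FreeBSD advisory: a shell function that classifies a `freebsd-version` string against the two ranges listed under Affected packages. It assumes the `N.M-RELEASE[-pK]` output format; the function name `check_msdosfs_kernel` and its result labels are hypothetical, and any other branch or format is reported as such rather than guessed.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a kernel version string
# against the ranges listed under "Affected packages".
# Assumes the "N.M-RELEASE[-pK]" format printed by freebsd-version(1).
# check_msdosfs_kernel is a hypothetical helper name.
check_msdosfs_kernel() {
    ver=$1
    case $ver in
        *-RELEASE-p*) base=${ver%%-RELEASE-p*}; patch=${ver##*-RELEASE-p} ;;
        *-RELEASE)    base=${ver%-RELEASE};     patch=0 ;;
        *)            echo unparsed; return 0 ;;
    esac
    # Patch level must be a plain non-negative integer.
    case $patch in
        ''|*[!0-9]*) echo unparsed; return 0 ;;
    esac
    # First fixed patch level per branch, taken from the page.
    case $base in
        13.2) fixed=4 ;;
        12.4) fixed=6 ;;
        *)    echo not-listed; return 0 ;;
    esac
    if [ "$patch" -lt "$fixed" ]; then
        echo affected
    else
        echo patched
    fi
}

# Only on a FreeBSD host: report both the installed (-k) and running (-r)
# kernel, since a patched kernel does not take effect until reboot.
if command -v freebsd-version >/dev/null 2>&1; then
    echo "installed kernel: $(check_msdosfs_kernel "$(freebsd-version -k)")"
    echo "running kernel:   $(check_msdosfs_kernel "$(freebsd-version -r)")"
fi
```

A `not-listed` result only means the branch is outside the two ranges on this page; it says nothing about whether that branch carries the fix.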

References

CVE Name CVE-2023-5368
FreeBSD Advisory SA-23:12.msdosfs