5.5
CVE-2023-53503
- EPSS 0.15%
- Veröffentlicht 01.10.2025 12:15:53
- Zuletzt bearbeitet 06.04.2026 14:45:08
- CVE-Watchlists
- Unerledigt
ext4: allow ext4_get_group_info() to fail
In the Linux kernel, the following vulnerability has been resolved: ext4: allow ext4_get_group_info() to fail Previously, ext4_get_group_info() would treat an invalid group number as BUG(), since in theory it should never happen. However, if a malicious attaker (or fuzzer) modifies the superblock via the block device while it is the file system is mounted, it is possible for s_first_data_block to get set to a very large number. In that case, when calculating the block group of some block number (such as the starting block of a preallocation region), could result in an underflow and very large block group number. Then the BUG_ON check in ext4_get_group_info() would fire, resutling in a denial of service attack that can be triggered by root or someone with write access to the block device. For a quality of implementation perspective, it's best that even if the system administrator does something that they shouldn't, that it will not trigger a BUG. So instead of BUG'ing, ext4_get_group_info() will call ext4_error and return NULL. We also add fallback code in all of the callers of ext4_get_group_info() that it might NULL. Also, since ext4_get_group_info() was already borderline to be an inline function, un-inline it. The results in a next reduction of the compiled text size of ext4 by roughly 2k.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.11 < 5.10.181
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.113
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.30
Linux ≫ Linux Kernel Version >= 6.2 < 6.3.4
Linux ≫ Linux Kernel Version6.4 Updaterc1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.041 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/100c0ad6c04597fefeaaba2bb1827cc015d95067
https://git.kernel.org/stable/c/31668cebf45adfb6283e465e641c4f5a21b07afa
https://git.kernel.org/stable/c/5354b2af34064a4579be8bc0e2f15a7b70f14b5f
https://git.kernel.org/stable/c/620a3c28221bb219b81bc0bffd065cc187494302
https://git.kernel.org/stable/c/b4319e457d6e3fb33e443efeaf4634fc36e8a9ed