CVE-2023-54062

EPSS 0.05%
Veröffentlicht 24.12.2025 12:23:08
Zuletzt bearbeitet 29.12.2025 15:58:34
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix invalid free tracking in ext4_xattr_move_to_block()

In ext4_xattr_move_to_block(), the value of the extended attribute
which we need to move to an external block may be allocated by
kvmalloc() if the value is stored in an external inode.  So at the end
of the function the code tried to check if this was the case by
testing entry->e_value_inum.

However, at this point, the pointer to the xattr entry is no longer
valid, because it was removed from the original location where it had
been stored.  So we could end up calling kvfree() on a pointer which
was not allocated by kvmalloc(); or we could also potentially leak
memory by not freeing the buffer when it should be freed.  Fix this by
storing whether it should be freed in a separate variable.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 76887be2a96193cd11be818551b8934ecdb3123f

Version c7851208abffe5ae4deb01cf48763911dc14fc67

Status affected

Version < f30f3391d089dc91aef91d08f4b04a6c0df2b067

Version f5cdc6a7339f250d44d4d469ed7a474ac0d6c7a7

Status affected

Version < ba04d6af5ac440a6d5a2d35dc1d8e2cb0323550a

Version 3b28c799a1334adb5a19f42f03abe0d8cbb05938

Status affected

Version < 1a8822343e67432b658145d2760a524c884da9d4

Version d738789ae9ec47d3458a008788f3cdc862ebf0cb

Status affected

Version < 8beaa3cb293a8f7bacf711cf52201d59859dbc40

Version a6744e14ce7045ab1a728bde9595f62fbd39f1d2

Status affected

Version < c5fa4eedddd1c8342ce533cb401c0e693e55b4e3

Version 8b6d06b3be7648b3b0f428558293ddf6e2cb94bf

Status affected

Version < a18670395e5f28acddeca037c5e4bd2ea961b70a

Version d2efaf8c870c7067b8d1779773134f3481cd8f68

Status affected

Version < b2fab1807d26acd1c6115b95b5eddd697d84751b

Version 1e9d62d252812575ded7c620d8fc67c32ff06c16

Status affected

Version < b87c7cdf2bed4928b899e1ce91ef0d147017ba45

Version 1e9d62d252812575ded7c620d8fc67c32ff06c16

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.3

Status affected

Version < 6.3

Version 0

Status unaffected

Version <= 4.14.*

Version 4.14.315

Status unaffected

Version <= 4.19.*

Version 4.19.283

Status unaffected

Version <= 5.4.*

Version 5.4.243

Status unaffected

Version <= 5.10.*

Version 5.10.180

Status unaffected

Version <= 5.15.*

Version 5.15.112

Status unaffected

Version <= 6.1.*

Version 6.1.29

Status unaffected

Version <= 6.2.*

Version 6.2.16

Status unaffected

Version <= 6.3.*

Version 6.3.3

Status unaffected

Version <= *

Version 6.4

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.146

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/76887be2a96193cd11be818551b8934ecdb3123f

https://git.kernel.org/stable/c/f30f3391d089dc91aef91d08f4b04a6c0df2b067

https://git.kernel.org/stable/c/ba04d6af5ac440a6d5a2d35dc1d8e2cb0323550a

https://git.kernel.org/stable/c/1a8822343e67432b658145d2760a524c884da9d4

https://git.kernel.org/stable/c/8beaa3cb293a8f7bacf711cf52201d59859dbc40

https://git.kernel.org/stable/c/c5fa4eedddd1c8342ce533cb401c0e693e55b4e3

https://git.kernel.org/stable/c/a18670395e5f28acddeca037c5e4bd2ea961b70a

https://git.kernel.org/stable/c/b2fab1807d26acd1c6115b95b5eddd697d84751b

https://git.kernel.org/stable/c/b87c7cdf2bed4928b899e1ce91ef0d147017ba45

https://nvd.nist.gov/vuln/detail/CVE-2023-54062

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54062

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54062

EUVD