CVE-2023-54062

EPSS 0.06%
Veröffentlicht 24.12.2025 12:23:08
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ext4: fix invalid free tracking in ext4_xattr_move_to_block()

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix invalid free tracking in ext4_xattr_move_to_block()

In ext4_xattr_move_to_block(), the value of the extended attribute
which we need to move to an external block may be allocated by
kvmalloc() if the value is stored in an external inode.  So at the end
of the function the code tried to check if this was the case by
testing entry->e_value_inum.

However, at this point, the pointer to the xattr entry is no longer
valid, because it was removed from the original location where it had
been stored.  So we could end up calling kvfree() on a pointer which
was not allocated by kvmalloc(); or we could also potentially leak
memory by not freeing the buffer when it should be freed.  Fix this by
storing whether it should be freed in a separate variable.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 12

CNA 2 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version c7851208abffe5ae4deb01cf48763911dc14fc67

Version < 76887be2a96193cd11be818551b8934ecdb3123f

Status affected

Version f5cdc6a7339f250d44d4d469ed7a474ac0d6c7a7

Version < f30f3391d089dc91aef91d08f4b04a6c0df2b067

Status affected

Version 3b28c799a1334adb5a19f42f03abe0d8cbb05938

Version < ba04d6af5ac440a6d5a2d35dc1d8e2cb0323550a

Status affected

Version d738789ae9ec47d3458a008788f3cdc862ebf0cb

Version < 1a8822343e67432b658145d2760a524c884da9d4

Status affected

Version a6744e14ce7045ab1a728bde9595f62fbd39f1d2

Version < 8beaa3cb293a8f7bacf711cf52201d59859dbc40

Status affected

Version 8b6d06b3be7648b3b0f428558293ddf6e2cb94bf

Version < c5fa4eedddd1c8342ce533cb401c0e693e55b4e3

Status affected

Version d2efaf8c870c7067b8d1779773134f3481cd8f68

Version < a18670395e5f28acddeca037c5e4bd2ea961b70a

Status affected

Version 1e9d62d252812575ded7c620d8fc67c32ff06c16

Version < b2fab1807d26acd1c6115b95b5eddd697d84751b

Status affected

Version 1e9d62d252812575ded7c620d8fc67c32ff06c16

Version < b87c7cdf2bed4928b899e1ce91ef0d147017ba45

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.3

Status affected

Version 0

Version < 6.3

Status unaffected

Version <= 4.14.*

Version 4.14.315

Status unaffected

Version <= 4.19.*

Version 4.19.283

Status unaffected

Version <= 5.4.*

Version 5.4.243

Status unaffected

Version <= 5.10.*

Version 5.10.180

Status unaffected

Version <= 5.15.*

Version 5.15.112

Status unaffected

Version <= 6.1.*

Version 6.1.29

Status unaffected

Version <= 6.2.*

Version 6.2.16

Status unaffected

Version <= 6.3.*

Version 6.3.3

Status unaffected

Version <= *

Version 6.4

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.196

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/76887be2a96193cd11be818551b8934ecdb3123f

https://git.kernel.org/stable/c/f30f3391d089dc91aef91d08f4b04a6c0df2b067

https://git.kernel.org/stable/c/ba04d6af5ac440a6d5a2d35dc1d8e2cb0323550a

https://git.kernel.org/stable/c/1a8822343e67432b658145d2760a524c884da9d4

https://git.kernel.org/stable/c/8beaa3cb293a8f7bacf711cf52201d59859dbc40

https://git.kernel.org/stable/c/c5fa4eedddd1c8342ce533cb401c0e693e55b4e3

https://git.kernel.org/stable/c/a18670395e5f28acddeca037c5e4bd2ea961b70a

https://git.kernel.org/stable/c/b2fab1807d26acd1c6115b95b5eddd697d84751b

https://git.kernel.org/stable/c/b87c7cdf2bed4928b899e1ce91ef0d147017ba45

https://nvd.nist.gov/vuln/detail/CVE-2023-54062

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54062

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54062

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-54062