CVE-2023-53224

Publication date: 2025-09-15

Last updated on: 2025-12-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: Fix function prototype mismatch for ext4_feat_ktype

With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed.

ext4_feat_ktype was setting the "release" handler to "kfree", which doesn't have a matching function prototype. Add a simple wrapper with the correct prototype.

This was found as a result of Clang's new -Wcast-function-type-strict flag, which is more sensitive than the simpler -Wcast-function-type, which only checks for type width mismatches.

Note that this code is only reached when ext4 is a loadable module and it is being unloaded:

    CFI failure at kobject_put+0xbb/0x1b0 (target: kfree+0x0/0x180; expected type: 0x7c4aa698)
    ...
    RIP: 0010:kobject_put+0xbb/0x1b0
    ...
    Call Trace:
     <TASK>
     ext4_exit_sysfs+0x14/0x60 [ext4]
     cleanup_module+0x67/0xedb [ext4]
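The mismatch and the wrapper fix described above, modelled in userspace C as an added example (not the kernel's code or the actual patch). `model_kfree`, `feat_release`, `model_kobject_put` and the simplified structs are hypothetical stand-ins, and the GCC/Clang builtin `__builtin_types_compatible_p` only approximates at compile time the type comparison that kCFI enforces at run time.

```c
#include <stdlib.h>

struct kobject;
struct kobj_type { void (*release)(struct kobject *kobj); };
struct kobject { int refcount; const struct kobj_type *ktype; };

static int frees_seen; /* demo instrumentation */

/* Stand-in for kfree(): takes const void *, not struct kobject *. */
static void model_kfree(const void *p) { frees_seen++; free((void *)p); }

/* Before the fix (shown only as a comment): the cast silences the compiler,
 * but the callee's type still differs from the slot's type.
 *   .release = (void (*)(struct kobject *))model_kfree,
 */

/* After the fix: a wrapper whose prototype is exactly the slot's type. */
static void feat_release(struct kobject *kobj) { model_kfree(kobj); }
static const struct kobj_type feat_ktype = { .release = feat_release };

/* Compile-time approximation of the kCFI check (GCC/Clang builtin). */
#define MATCHES_RELEASE(fn) \
    __builtin_types_compatible_p(__typeof__(&(fn)), void (*)(struct kobject *))
int kfree_matches(void)   { return MATCHES_RELEASE(model_kfree); }
int wrapper_matches(void) { return MATCHES_RELEASE(feat_release); }

/* Simplified kobject_put(): the last put makes the indirect release call. */
static int model_kobject_put(struct kobject *kobj)
{
    if (--kobj->refcount > 0)
        return 0;
    kobj->ktype->release(kobj);
    return 1;
}

/* Returns the number of frees after two puts on a kobject with two refs. */
int run_demo(void)
{
    struct kobject *k = malloc(sizeof(*k));
    if (!k)
        return -1;
    k->refcount = 2;
    k->ktype = &feat_ktype;
    if (model_kobject_put(k) != 0 || model_kobject_put(k) != 1)
        return -1;
    return frees_seen;
}

int main(void) { return (run_demo() == 1 && !kfree_matches()) ? 0 : 1; }
```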
Meta Information
Published: 2025-09-15
Last Modified: 2025-12-04
Generated: 2026-05-07
AI Q&A: 2025-09-15
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 6 associated CPEs

Vendor | Product      | Version / Range
linux  | linux_kernel | From 4.16 (inc) to 4.19.274 (exc)
linux  | linux_kernel | From 4.20 (inc) to 5.4.233 (exc)
linux  | linux_kernel | From 5.5 (inc) to 5.10.170 (exc)
linux  | linux_kernel | From 5.11 (inc) to 5.15.96 (exc)
linux  | linux_kernel | From 5.16 (inc) to 6.1.14 (exc)
linux  | linux_kernel | From 6.2 (inc) to 6.2.1 (exc)
CWE ID  | Description
CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves a function prototype mismatch in the Linux kernel's ext4 filesystem module. Specifically, 'ext4_feat_ktype' was setting its 'release' handler to 'kfree', which does not match the expected function prototype. With Clang's kernel control flow integrity (kCFI) enabled, indirect function calls are checked against the expected prototype to prevent invalid calls that could lead to security issues like ROP attacks. Because of the mismatch, unloading the ext4 module causes a runtime failure, either a kernel panic or a killed thread. The fix adds a wrapper with the correct function prototype so that the check passes.


How can this vulnerability impact me?

If you are using the ext4 filesystem as a loadable kernel module on a kernel built with kCFI (CONFIG_CFI_CLANG) and the module is unloaded, this vulnerability can cause a kernel panic or cause threads to be killed due to control flow integrity failures. This can lead to system instability or crashes, potentially disrupting services or causing data loss during module unload operations.

