CVE-2023-53285
BaseFortify
Publication date: 2025-09-16
Last updated on: 2025-12-02
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | to 4.14.315 (exc) |
| linux | linux_kernel | From 4.15 (inc) to 4.19.283 (exc) |
| linux | linux_kernel | From 4.20 (inc) to 5.4.243 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.180 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.112 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.29 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.2.16 (exc) |
| linux | linux_kernel | From 6.3 (inc) to 6.3.3 (exc) |
| linux | linux_kernel | 6.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves the ext4 file system's handling of extended attributes. Specifically, the function get_max_inline_xattr_value_size() lacked proper bounds checking. Normally, extended attributes in the inode body are checked when the inode is first opened. However, if someone writes directly to the block device while the file system is mounted, it can corrupt the inode table. Without bounds checking, this could lead to reading beyond the allocated memory, potentially causing memory corruption or crashes. The fix adds bounds checking to prevent reading beyond the end of allocated memory in such cases.
How can this vulnerability impact me? :
This vulnerability can lead to memory corruption or crashes in the Linux kernel's ext4 file system if the inode table becomes corrupted due to concurrent writes to the block device while mounted. This could potentially be exploited to cause denial of service or other unintended behavior on affected systems.