CVE-2023-54021
Unknown Unknown - Not Provided

Integer Underflow in Linux Kernel ext4 Causes Potential System Crash

Vulnerability report for CVE-2023-54021, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4_mb_normalize_request We need to set ac_g_ex to notify the goal start used in ext4_mb_find_by_goal. Set ac_g_ex instead of ac_f_ex in ext4_mb_normalize_request. Besides we should assure goal start is in range [first_data_block, blocks_count) as ext4_mb_initialize_context does. [ Added a check to make sure size is less than ar->pright; otherwise we could end up passing an underflowed value of ar->pright - size to ext4_get_group_no_and_offset(), which will trigger a BUG_ON later on. - TYT ]

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-07-06
AI Q&A
2025-12-24
EPSS Evaluated
2026-07-04
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves the ext4 filesystem in the Linux kernel where the goal start parameter was not set correctly in the ext4_mb_normalize_request function. Specifically, the code should set ac_g_ex to notify the goal start used in ext4_mb_find_by_goal, but it was incorrectly setting ac_f_ex. Additionally, there was a missing check to ensure the size is less than ar->pright, which could cause an underflow leading to a BUG_ON error later in ext4_get_group_no_and_offset.

Impact Analysis

This vulnerability can cause the Linux kernel ext4 filesystem code to pass an underflowed value, potentially triggering a BUG_ON, which may lead to system instability or crashes when handling filesystem operations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54021. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart