CVE-2023-54021
Unknown Unknown - Not Provided
Integer Underflow in Linux Kernel ext4 Causes Potential System Crash

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4_mb_normalize_request We need to set ac_g_ex to notify the goal start used in ext4_mb_find_by_goal. Set ac_g_ex instead of ac_f_ex in ext4_mb_normalize_request. Besides we should assure goal start is in range [first_data_block, blocks_count) as ext4_mb_initialize_context does. [ Added a check to make sure size is less than ar->pright; otherwise we could end up passing an underflowed value of ar->pright - size to ext4_get_group_no_and_offset(), which will trigger a BUG_ON later on. - TYT ]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-14
NVD
CVE-2023-54021
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the ext4 filesystem in the Linux kernel where the goal start parameter was not set correctly in the ext4_mb_normalize_request function. Specifically, the code should set ac_g_ex to notify the goal start used in ext4_mb_find_by_goal, but it was incorrectly setting ac_f_ex. Additionally, there was a missing check to ensure the size is less than ar->pright, which could cause an underflow leading to a BUG_ON error later in ext4_get_group_no_and_offset.

Impact Analysis

This vulnerability can cause the Linux kernel ext4 filesystem code to pass an underflowed value, potentially triggering a BUG_ON, which may lead to system instability or crashes when handling filesystem operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54021. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart