CVE-2023-54062
Use-After-Free Vulnerability in Linux Kernel ext4 Extended Attributes

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: fix invalid free tracking in ext4_xattr_move_to_block()

In ext4_xattr_move_to_block(), the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc() if the value is stored in an external inode. So at the end of the function the code tried to check if this was the case by testing entry->e_value_inum.

However, at this point, the pointer to the xattr entry is no longer valid, because it was removed from the original location where it had been stored. So we could end up calling kvfree() on a pointer which was not allocated by kvmalloc(); or we could also potentially leak memory by not freeing the buffer when it should be freed. Fix this by storing whether it should be freed in a separate variable.
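
The free-tracking mistake described above, as an added userspace model (not the kernel's code and not part of the original advisory). The struct layout, the shift-on-removal behaviour, and the names move_to_block, remove_entry and demo are simplifying assumptions; the stale entry is only read, and the model reports which wrong decision the pre-fix check would make.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified userspace stand-in for an in-inode xattr entry (not the kernel struct). */
struct entry { unsigned e_value_inum; unsigned e_value_size; };

enum outcome { OK, INVALID_FREE, LEAK };

/* Assumed model of removal: later entries shift down over the removed slot. */
static void remove_entry(struct entry *tab, size_t *n, size_t idx) {
    memmove(&tab[idx], &tab[idx + 1], (*n - idx - 1) * sizeof(*tab));
    memset(&tab[--*n], 0, sizeof(*tab));
}

static enum outcome move_to_block(struct entry *tab, size_t *n, size_t idx, bool fixed) {
    static char inline_value[16];                 /* value stored inside the inode */
    struct entry *e = &tab[idx];
    bool needs_free = e->e_value_inum != 0;       /* the fix: decide while e is valid */
    char *buffer = needs_free ? malloc(e->e_value_size) : inline_value;

    remove_entry(tab, n, idx);                    /* e now aliases a different entry */

    /* Pre-fix behaviour consults the stale entry; it is only read, never freed here. */
    bool will_free = fixed ? needs_free : (e->e_value_inum != 0);
    if (needs_free)
        free(buffer);                             /* model cleanup, always correct */
    if (will_free && !needs_free) return INVALID_FREE;
    if (!will_free && needs_free) return LEAK;
    return OK;
}

/* Constructed two-entry table; the entry being moved is always index 0. */
static enum outcome demo(bool moved_is_external, bool fixed) {
    struct entry tab[2] = {
        { moved_is_external ? 12u : 0u, 8 },
        { moved_is_external ? 0u : 12u, 8 },
    };
    size_t n = 2;
    return move_to_block(tab, &n, 0, fixed);
}

int main(void) {
    static const char *name[] = { "ok", "invalid free", "leak" };
    for (int ext = 0; ext <= 1; ext++)
        for (int fixed = 0; fixed <= 1; fixed++)
            printf("moved entry %s, %s check: %s\n", ext ? "external" : "inline",
                   fixed ? "saved-flag" : "stale-entry", name[demo(ext, fixed)]);
    return 0;
}
```

Both failure modes named in the description appear with the stale-entry check, depending on what the neighbouring entry looks like; the saved flag is correct in both cases.
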
Meta Information
Published: 2025-12-24
Last Modified: 2025-12-24
Generated: 2026-05-07
AI Q&A: 2025-12-24
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's ext4 filesystem code, specifically in the ext4_xattr_move_to_block() function. At the end of the function, the code decides whether to call kvfree() on the attribute value buffer by testing entry->e_value_inum, but by then the extended attribute entry has been removed from its original location, so the pointer to it is no longer valid. The result can be either kvfree() being called on a pointer that was not allocated by kvmalloc(), or a memory leak when a buffer that should be freed is not. The fix stores whether the buffer should be freed in a separate variable, so the decision no longer depends on the invalid entry pointer.


How can this vulnerability impact me?

This vulnerability can impact a system by causing memory corruption or memory leaks in the Linux kernel's ext4 filesystem handling. Memory corruption can lead to system instability, crashes, or potential escalation of privileges if exploited. Memory leaks can degrade system performance over time by consuming resources unnecessarily.

