CVE-2023-54069
Unknown Unknown - Not Provided
Integer Overflow Bug in Linux Kernel ext4 Causes Kernel Panic

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow When we calculate the end position of ext4_free_extent, this position may be exactly where ext4_lblk_t (i.e. uint) overflows. For example, if ac_g_ex.fe_logical is 4294965248 and ac_orig_goal_len is 2048, then the computed end is 0x100000000, which is 0. If ac->ac_o_ex.fe_logical is not the first case of adjusting the best extent, that is, new_bex_end > 0, the following BUG_ON will be triggered: ========================================================= kernel BUG at fs/ext4/mballoc.c:5116! invalid opcode: 0000 [#1] PREEMPT SMP PTI CPU: 3 PID: 673 Comm: xfs_io Tainted: G E 6.5.0-rc1+ #279 RIP: 0010:ext4_mb_new_inode_pa+0xc5/0x430 Call Trace: <TASK> ext4_mb_use_best_found+0x203/0x2f0 ext4_mb_try_best_found+0x163/0x240 ext4_mb_regular_allocator+0x158/0x1550 ext4_mb_new_blocks+0x86a/0xe10 ext4_ext_map_blocks+0xb0c/0x13a0 ext4_map_blocks+0x2cd/0x8f0 ext4_iomap_begin+0x27b/0x400 iomap_iter+0x222/0x3d0 __iomap_dio_rw+0x243/0xcb0 iomap_dio_rw+0x16/0x80 ========================================================= A simple reproducer demonstrating the problem: mkfs.ext4 -F /dev/sda -b 4096 100M mount /dev/sda /tmp/test fallocate -l1M /tmp/test/tmp fallocate -l10M /tmp/test/file fallocate -i -o 1M -l16777203M /tmp/test/file fsstress -d /tmp/test -l 0 -n 100000 -p 8 & sleep 10 && killall -9 fsstress rm -f /tmp/test/tmp xfs_io -c "open -ad /tmp/test/file" -c "pwrite -S 0xff 0 8192" We simply refactor the logic for adjusting the best extent by adding a temporary ext4_free_extent ex and use extent_logical_end() to avoid overflow, which also simplifies the code.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-05-07
AI Q&A
2025-12-24
EPSS Evaluated
2026-05-05
NVD
CVE-2023-54069
EUVD
EUVD-2023-60257
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a bug in the Linux kernel's ext4 filesystem code, specifically in the ext4_mb_new_inode_pa() function. It occurs due to an integer overflow when calculating the end position of ext4_free_extent, which can cause the computed end to wrap around to zero incorrectly. This leads to a kernel BUG being triggered, causing a crash or invalid opcode error during filesystem operations involving extent allocation.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash or become unstable when performing certain filesystem operations on ext4 partitions. This could lead to data loss, system downtime, or corruption of the filesystem, impacting system reliability and availability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing kernel BUG messages related to ext4_mb_new_inode_pa() in the kernel logs. You can check for such BUGs using commands like 'dmesg | grep ext4_mb_new_inode_pa' or 'journalctl -k | grep ext4_mb_new_inode_pa'. Additionally, reproducing the issue involves filesystem operations on ext4 as shown in the example commands: mkfs.ext4, mount, fallocate, fsstress, and xfs_io, but these are more for testing than detection.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where this ext4 overflow bug is fixed, as the issue is resolved by refactoring the ext4_mb_new_inode_pa() logic. Until then, avoid running workloads that heavily stress ext4 allocation paths with large fallocate operations or fsstress tools that might trigger the bug.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart