CVE-2023-54305
Null Pointer Dereference in Linux ext4 Causes Kernel Panic
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's ext4 filesystem where an attempt to create an extended attribute (ea) block is made during the unmount process. Specifically, the ea block expansion tries to access s_root, which is already set to NULL when unmounting is triggered. This can cause a system panic. The fix refuses the request to create the ea block during unmount to avoid this panic.
How can this vulnerability impact me? :
This vulnerability can cause the Linux system to panic during the unmounting of an ext4 filesystem, potentially leading to system instability or crashes. This could result in data loss or downtime if the system becomes unresponsive.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Linux kernel to a version where the ext4 ea block creation issue during unmount is fixed. Avoid using affected kernel versions and apply any available patches from your Linux distribution.