CVE-2023-53285 — Out-of-bounds Read in Linux

CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 97.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedSep 16

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: add bounds checking in get_max_inline_xattr_value_size() Normally the extended attributes in the inode body would have been checked when the inode is first opened, but if someone is writing to the block device while the file system is mounted, it's possible for the inode table to get corrupted. Add bounds checking to avoid reading beyond the end of allocated memory if this happens.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel4.15 — 4.19.283+8

▶Debianlinux/linux_kernel< 5.10.191-1+3

▶CVEListV5linux/linux67cf5b09a46f72e048501b84996f2f77bc42e947 — 5a229d21b98d132673096710e8281ef522dab1d1+9

▶debiandebian/linux< linux 6.1.37-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2023-53285: In the Linux kernel, the following vulnerability has been resolved: ext4: add bounds checking in get_max_inline_xattr_value_size() Normally the extend↗2025-09-16

▶

GHSA

GHSA-whjr-jhc6-c22f: In the Linux kernel, the following vulnerability has been resolved: ext4: add bounds checking in get_max_inline_xattr_value_size() Normally the exte↗2025-09-16

▶

📋Vendor Advisories

Red Hat

kernel: ext4: add bounds checking in get_max_inline_xattr_value_size()↗2025-09-16

▶

Debian

CVE-2023-53285: linux - In the Linux kernel, the following vulnerability has been resolved: ext4: add b...↗2023

▶