CVE-2023-54021Integer Underflow (Wrap or Wraparound) in Linux

CWE-191Integer Underflow (Wrap or Wraparound)7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4_mb_normalize_request We need to set ac_g_ex to notify the goal start used in ext4_mb_find_by_goal. Set ac_g_ex instead of ac_f_ex in ext4_mb_normalize_request. Besides we should assure goal start is in range [first_data_block, blocks_count) as ext4_mb_initialize_context does. [ Added a check to make sure size is less than ar->pright; otherwise we could end up passing an underflowed value

Affected Packages4 packages

Linuxlinux/linux_kernel2.6.254.14.316+6
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linuxc9de560ded61faa5b754137b7753da252391c55a2479bb6cbdb4d56b807bbe5229e3e26a6f1f4530+8
debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

3
OSV
ext4: set goal start correctly in ext4_mb_normalize_request2025-12-24
GHSA
GHSA-xwm6-35hh-fmxm: In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4_mb_normalize_request We need to set ac_g_2025-12-24
OSV
CVE-2023-54021: In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4_mb_normalize_request We need to set ac_g_ex2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: ext4: set goal start correctly in ext4_mb_normalize_request2025-12-24
Debian
CVE-2023-54021: linux - In the Linux kernel, the following vulnerability has been resolved: ext4: set g...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54021 Impact, Exploitability, and Mitigation Steps | Wiz