CVE-2023-54062: Expired Pointer Dereference in Linux

Severity
5.5 MEDIUM
No vector
EPSS
0.0%
top 84.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix invalid free tracking in ext4_xattr_move_to_block()

In ext4_xattr_move_to_block(), the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc() if the value is stored in an external inode. So at the end of the function the code tried to check if this was the case by testing entry->e_value_inum. However, at this point, the pointer to the xattr entry is no longer valid,

Affected Packages: 4 packages

Linux linux/linux_kernel 4.15.0 4.19.283 +7
Debian linux/linux_kernel < 5.10.191-1 +3
CVEListV5 linux/linux c7851208abffe5ae4deb01cf48763911dc14fc67 76887be2a96193cd11be818551b8934ecdb3123f +9
debian debian/linux < linux 6.1.37-1 (bookworm)

🔴 Vulnerability Details

3
OSV
ext4: fix invalid free tracking in ext4_xattr_move_to_block() 2025-12-24
GHSA
GHSA-3m76-cj86-mwp4: In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4_xattr_move_to_block() In ext4_xattr_move 2025-12-24
OSV
CVE-2023-54062: In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4_xattr_move_to_block() In ext4_xattr_move_t 2025-12-24

📋 Vendor Advisories

2
Red Hat
kernel: ext4: fix invalid free tracking in ext4_xattr_move_to_block() 2025-12-24
Debian
CVE-2023-54062: linux - In the Linux kernel, the following vulnerability has been resolved: ext4: fix i... 2023

🕵️ Threat Intelligence

1
Wiz
CVE-2023-54062 Impact, Exploitability, and Mitigation Steps | Wiz