Bounds Checking Vulnerability in Linux Kernel's ext4 Filesystem
CVE-2023-53285

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 16 September 2025

What is CVE-2023-53285?

A significant vulnerability was identified in the Linux kernel's ext4 filesystem that can lead to inode table corruption. On a mounted filesystem, missing bounds checking during operations on extended attributes may cause reads beyond the allocated memory. The condition arises when the underlying block device is written while it is actively in use. Adding bounds checking to the 'get_max_inline_xattr_value_size()' function mitigates the risk of memory corruption and preserves the integrity and stability of the filesystem.

Affected Version(s)

  • Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5a229d21b98d132673096710e8281ef522dab1d1

  • Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3d7b8fbcd2273e2b9f4c6de5ce2f4c0cd3cb1205

  • Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 486efbbc9445dca7890a1b86adbccb88b91284b0

Timeline

  • Vulnerability published

  • Vulnerability reserved
