Denial of Service Vulnerability in Linux Kernel's ext4 File System
CVE-2023-53503
What is CVE-2023-53503?
In the Linux kernel, a vulnerability was identified in the ext4 file system where the function ext4_get_group_info() previously treated an invalid group number as a critical error (BUG()). This flaw could allow a malicious actor to exploit the system by modifying the superblock while the file system is mounted, leading to an oversized value assigned to s_first_data_block. Consequently, this could trigger an underflow when determining the block group for a specified block number, initiating a denial of service scenario. In the revised implementation, ext4_get_group_info() no longer triggers a critical error but instead returns NULL and logs the issue, thereby enhancing system stability even when administrative errors occur.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 100c0ad6c04597fefeaaba2bb1827cc015d95067
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 620a3c28221bb219b81bc0bffd065cc187494302
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2