Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ext4: add bounds checking in get_max_inline_xattr_value_size() Normally the extended attributes in the inode body would have been checked when the inode is first opened, but if someone is writing to the block device while the file system is mounted, it's possible for the inode table to get corrupted. Add bounds checking to avoid reading beyond the end of allocated memory if this happens.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 4.14.315 |
References
- https://git.kernel.org/stable/c/1d2caddbeeee56fbbc36b428c5b909c3ad88eb7fPatch
- https://git.kernel.org/stable/c/2220eaf90992c11d888fe771055d4de330385f01Patch
- https://git.kernel.org/stable/c/3d7b8fbcd2273e2b9f4c6de5ce2f4c0cd3cb1205Patch
- https://git.kernel.org/stable/c/4597554b4f7b29e7fd78aa449bab648f8da4ee2cPatch
- https://git.kernel.org/stable/c/486efbbc9445dca7890a1b86adbccb88b91284b0Patch
- https://git.kernel.org/stable/c/5a229d21b98d132673096710e8281ef522dab1d1Patch
- https://git.kernel.org/stable/c/88a06a94942c5c0a896e9da1113a6bb29e36cbefPatch
- https://git.kernel.org/stable/c/e780058bd75614b66882bc02620ddbd884171560Patch
- https://git.kernel.org/stable/c/f22b274429e88d3dc7e79d375b56ce4f2f59f0b4Patch
FAQ
What is CVE-2023-53285?
CVE-2023-53285 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: ext4: add bounds checking in get_max_inline_xattr_value_size() Normally the extended attributes in the inode body would have been ...
How severe is CVE-2023-53285?
CVE-2023-53285 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-53285?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.