CVE-2023-54062
- Source
- https://cve.org/CVERecord?id=CVE-2023-54062
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54062.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-54062
- Downstream
- Published
- 2025-12-24T12:23:08.649Z
- Modified
- 2026-01-05T22:14:55.593469Z
- Summary
- ext4: fix invalid free tracking in ext4_xattr_move_to_block()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix invalid free tracking in ext4xattrmovetoblock()
In ext4xattrmovetoblock(), the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc() if the value is stored in an external inode. So at the end of the function the code tried to check if this was the case by testing entry->evalueinum.
However, at this point, the pointer to the xattr entry is no longer valid, because it was removed from the original location where it had been stored. So we could end up calling kvfree() on a pointer which was not allocated by kvmalloc(); or we could also potentially leak memory by not freeing the buffer when it should be freed. Fix this by storing whether it should be freed in a separate variable.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54062.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1a8822343e67432b658145d2760a524c884da9d4
- https://git.kernel.org/stable/c/76887be2a96193cd11be818551b8934ecdb3123f
- https://git.kernel.org/stable/c/8beaa3cb293a8f7bacf711cf52201d59859dbc40
- https://git.kernel.org/stable/c/a18670395e5f28acddeca037c5e4bd2ea961b70a
- https://git.kernel.org/stable/c/b2fab1807d26acd1c6115b95b5eddd697d84751b
- https://git.kernel.org/stable/c/b87c7cdf2bed4928b899e1ce91ef0d147017ba45
- https://git.kernel.org/stable/c/ba04d6af5ac440a6d5a2d35dc1d8e2cb0323550a
- https://git.kernel.org/stable/c/c5fa4eedddd1c8342ce533cb401c0e693e55b4e3
- https://git.kernel.org/stable/c/f30f3391d089dc91aef91d08f4b04a6c0df2b067
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54062.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-54062
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc7851208abffe5ae4deb01cf48763911dc14fc67Fixed76887be2a96193cd11be818551b8934ecdb3123f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf5cdc6a7339f250d44d4d469ed7a474ac0d6c7a7Fixedf30f3391d089dc91aef91d08f4b04a6c0df2b067
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3b28c799a1334adb5a19f42f03abe0d8cbb05938Fixedba04d6af5ac440a6d5a2d35dc1d8e2cb0323550a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd738789ae9ec47d3458a008788f3cdc862ebf0cbFixed1a8822343e67432b658145d2760a524c884da9d4
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda6744e14ce7045ab1a728bde9595f62fbd39f1d2Fixed8beaa3cb293a8f7bacf711cf52201d59859dbc40
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8b6d06b3be7648b3b0f428558293ddf6e2cb94bfFixedc5fa4eedddd1c8342ce533cb401c0e693e55b4e3
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd2efaf8c870c7067b8d1779773134f3481cd8f68Fixeda18670395e5f28acddeca037c5e4bd2ea961b70a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1e9d62d252812575ded7c620d8fc67c32ff06c16Fixedb2fab1807d26acd1c6115b95b5eddd697d84751bFixedb87c7cdf2bed4928b899e1ce91ef0d147017ba45
Affected versions
v4.*
v4.14.308
v4.14.309
v4.14.310
v4.14.311
v4.14.312
v4.14.313
v4.14.314
v4.19.276
v4.19.277
v4.19.278
v4.19.279
v4.19.280
v4.19.281
v4.19.282
v5.*
v5.10.173
v5.10.174
v5.10.175
v5.10.176
v5.10.177
v5.10.178
v5.10.179
v5.15.100
v5.15.101
v5.15.102
v5.15.103
v5.15.104
v5.15.105
v5.15.106
v5.15.107
v5.15.108
v5.15.109
v5.15.110
v5.15.111
v5.15.99
v5.4.235
v5.4.236
v5.4.237
v5.4.238
v5.4.239
v5.4.240
v5.4.241
v5.4.242
v6.*
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.2
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.2.10
v6.2.11
v6.2.12
v6.2.13
v6.2.14
v6.2.15
v6.2.3
v6.2.4
v6.2.5
v6.2.6
v6.2.7
v6.2.8
v6.2.9
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.3.1
v6.3.2
v6.4-rc1
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.14.315
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed4.19.283
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.243
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.180
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.112
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.29
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.2.16
- Type
- ECOSYSTEM
- Events
-
Introduced6.3.0Fixed6.3.3