PT-2024-14663 · Linux · Linux Kernel
Published 2023-10-23 · Updated 2025-09-29
CVE-2023-52622
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.0-rc5+
Description
The vulnerability is in the ext4 file system of the Linux kernel. When an ext4 file system is resized online with an oversized flexbg size, the allocation for the new group data array can exceed MAX_ORDER and trigger a WARN_ON. The minimum value of MAX_ORDER is 8 and the minimum PAGE_SIZE is 4096, so the maximum number of groups whose data can be allocated in one request is approximately 21845. To avoid online resize failures, the number of groups added in each pass is capped at the defined MAX_RESIZE_BG value (16384), and the pass is repeated as many times as needed to complete the online resize.
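The arithmetic behind the two numbers above, and the batching the fix introduces, as an added model (not kernel code and not the advisory's own material). It assumes MAX_ORDER = 8 and PAGE_SIZE = 4096, the minimums named in the description, and a 48-byte per-group record, which is the size that reproduces the stated figure of about 21845 groups.

```c
/* Added illustration: why one oversized new-group-data allocation exceeds the
 * buddy allocator's MAX_ORDER limit, and how capping each online-resize pass at
 * MAX_RESIZE_BG groups keeps every request under that limit. */
#include <stdbool.h>
#include <stdio.h>

#define MIN_MAX_ORDER        8        /* smallest MAX_ORDER the description names   */
#define MIN_PAGE_SIZE        4096UL   /* smallest PAGE_SIZE the description names   */
#define MAX_RESIZE_BG        16384UL  /* per-pass cap introduced by the fix          */
#define NEW_GROUP_DATA_SIZE  48UL     /* assumed size of one new-group record        */

/* Largest contiguous allocation for this order: 2^MAX_ORDER pages. */
unsigned long max_alloc_bytes(void)
{
    return (1UL << MIN_MAX_ORDER) * MIN_PAGE_SIZE;   /* 1048576 */
}

/* How many group records fit in one such allocation (about 21845). */
unsigned long max_groups_per_alloc(void)
{
    return max_alloc_bytes() / NEW_GROUP_DATA_SIZE;
}

/* Pre-fix behaviour: one array for every group in the resize. Returns true
 * when that single request is larger than the allocator can satisfy, which
 * is the condition behind the WARN_ON in the description. */
bool single_alloc_exceeds_limit(unsigned long groups_to_add)
{
    return groups_to_add * NEW_GROUP_DATA_SIZE > max_alloc_bytes();
}

/* Post-fix behaviour: add groups in passes of at most MAX_RESIZE_BG and
 * return the number of passes. Each pass needs MAX_RESIZE_BG * 48 =
 * 786432 bytes, below max_alloc_bytes(), so no pass can trip the limit. */
unsigned long resize_passes(unsigned long groups_to_add)
{
    unsigned long passes = 0;
    while (groups_to_add) {
        unsigned long step = groups_to_add < MAX_RESIZE_BG ? groups_to_add
                                                           : MAX_RESIZE_BG;
        groups_to_add -= step;
        passes++;
    }
    return passes;
}

int main(void)
{
    printf("limit: %lu groups per allocation\n", max_groups_per_alloc());
    printf("40000 groups at once exceeds limit: %d\n", single_alloc_exceeds_limit(40000));
    printf("40000 groups in capped passes: %lu passes\n", resize_passes(40000));
    return 0;
}
```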
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Allocation of Resources Without Limits
Affected Products
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu