PT-2025-18864 · Linux+3 · Linux Kernel+3
Published: 2023-03-10
Updated: 2025-09-29
CVE-2023-53100
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to the fixed version
Description
A vulnerability has been resolved in the Linux kernel. The issue was found by Syzbot and is related to the ext4 file system. Specifically, it concerns the ext4_update_inline_data function, where a warning can be triggered due to incorrect handling of inline data. This can lead to the kzalloc function being called with a very large length, which results in the warning. The vulnerability is caused by an incorrect update of the i_inline_off value after the ext4_xattr_shift_entries function is called.
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the ext4_update_inline_data function. As a temporary workaround, consider disabling the ext4_update_inline_data function until a patch is available. However, since the provided information does not specify the exact fixed version, it is recommended to update to the latest available version of the Linux kernel. At the moment, there is no information about a newer version that contains a fix for this vulnerability, other than updating to a version that includes the fix for the ext4_update_inline_data function.
Exploit
Fix
Insufficient Verification of Data Authenticity
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Hat
Suse