PT-2025-40233 · Ext4+3 · Ext4+3

Published

2023-07-14

·

Updated

2025-11-19

·

CVE-2023-53526

CVSS v2.0

6.2

Medium

VectorAV:L/AC:L/Au:S/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw exists in the Linux kernel's jbd2 subsystem related to checkpoint handling. A specific process can corrupt an ext4 image due to improper handling of journal checkpoints. The issue arises from removing a checkpoint from a transaction list without first verifying its association with a transaction. This can lead to data loss if a power interruption or system crash occurs before the transaction is fully committed. The process involves steps including jbd2 journal commit transaction, do get write access, drop cache, jbd2 log do checkpoint, and jbd2 cleanup journal tail. The vulnerability occurs when a checkpoint is removed from a transaction list while still being referenced by another transaction.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-664CWE-120

Related Identifiers

BDU:2025-16239
CVE-2023-53526
SUSE-SU-2025:03600-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:3761-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1

Affected Products

Linux Kernel
Suse
Ext4
Jbd2