CVE-2023-53692

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.2.0-rc1-syzkaller

Description The Linux kernel contains a flaw within the ext4 filesystem implementation. Specifically, a use-after-free condition can occur in the ext4 find extent function when big allocation and inline data features are enabled. This issue arises when inline data is converted to an extent before write operations, leading to a scenario where the EXT4 STATE MAY INLINE DATA flag is not set, but i data still holds inline data. This can trigger a use-after-free when attempting to find the extent. The issue was identified by Syzbot. The ext4 clu mapped function is involved in this issue, and a prior commit (131294c35ed6) addressed a similar delayed allocation bug, but did not fully resolve the problem in this specific scenario.

Recommendations Update to a newer version of the Linux kernel that contains a fix for this vulnerability.