PT-2025-53067 · Linux+3 · Linux Kernel+3

Published: 2023-07-28 · Updated: 2026-03-24 · CVE-2023-54069

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.5.0-rc1+ #279

Description: The Linux kernel contains a flaw in the ext4 file system implementation, specifically within the ext4_mb_new_inode_pa() function. A calculation error during extent allocation can lead to an integer overflow when determining the end position of an extent. This overflow can trigger a kernel BUG, potentially leading to system instability or denial of service. The issue occurs when calculating the end position of an ext4_free_extent, where the computed end position may wrap around due to the overflow. A reproducer involving file allocation and the fsstress tool demonstrates the problem. The vulnerability is triggered when using the xfs_io tool with specific parameters.

Recommendations: Update to Linux kernel version 6.5.0-rc1+ #279 or a later version to address this issue.

Exploit

Fix

Weakness Enumeration

Allocation of Resources Without Limits
Improper Resource Release
Resource Exhaustion

Related Identifiers

BDU:2026-01240
CVE-2023-54069
RHSA-2024:2394
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1

Affected Products

Linux Kernel
Ext4
Fsstress
Xfs Io