PT-2025-53209 · Linux · Linux Kernel

Published: 2023-04-16 · Updated: 2026-01-28 · CVE-2023-54132

CVSS v2.0: 7.7 (High)

Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.3.0-rc6-syzkaller-g09a9639e56c0

Description

The Linux kernel contains a flaw related to the handling of erofs filesystem images. Specifically, the kernel does not properly validate the clusterofs value within the HEAD index of non-compact images. A crafted image with an invalid clusterofs value can trigger a page fault, leading to a kernel panic. This issue is triggered by Syzbot-generated images with a non-compact HEAD index and an invalid clusterofs value. Normal images or those using compact indexes are not affected. The vulnerable code is located within the z_erofs_decompress_queue function.

Recommendations

Update to Linux kernel version 6.3.0-rc6-syzkaller-g09a9639e56c0 or a later version to address this issue.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2026-04226
CVE-2023-54132
SUSE-SU-2026:0263-1
SUSE-SU-2026:0317-1

Affected Products

Linux Kernel