PT-2025-53230 · Linux+2 · Linux Kernel+2

Published 2023-06-26 · Updated 2026-03-24 · CVE-2023-54153

CVSS v2.0 4.6 Medium

Vector AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel's ext4 filesystem implementation where quotas are not properly disabled if a mount operation fails after quotas have been enabled. This can lead to a kernel memory leak. The issue occurs when ext4_mark_recovery_complete() returns an error, and the error handling path fails to turn off the enabled quotas. The fix involves adding a "failed_mount10" tag and calling ext4_quota_off_umount() to release the enabled quotas. The affected function is ext4_enable_quotas().

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2026-01204
CVE-2023-54153
RHSA-2024:8617
RHSA-2024:9315
SUSE-SU-2026:0263-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:0317-1
SUSE-SU-2026:0411-1
SUSE-SU-2026:0617-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1

Affected Products

Debian
Linux Kernel
Ext4