CVE-2023-54062
Description
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix invalid free tracking in ext4_xattr_move_to_block()
In ext4_xattr_move_to_block(), the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc() if the value is stored in an external inode. So at the end of the function the code tried to check if this was the case by testing entry->e_value_inum.
However, at this point, the pointer to the xattr entry is no longer valid, because it was removed from the original location where it had been stored. So we could end up calling kvfree() on a pointer which was not allocated by kvmalloc(); or we could also potentially leak memory by not freeing the buffer when it should be freed. Fix this by storing whether it should be freed in a separate variable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's ext4 filesystem, a use-after-free-like bug in ext4_xattr_move_to_block() can cause invalid memory freeing or memory leak when moving extended attributes to an external block.
Vulnerability
Overview
In the Linux kernel's ext4 filesystem, the function ext4_xattr_move_to_block() contains a vulnerability related to invalid free tracking. When moving an extended attribute to an external block, the code attempts to determine whether the value buffer was allocated by kvmalloc() by checking entry->e_value_inum. However, after the xattr entry is removed from its original location, the pointer becomes invalid, making this check unreliable.
Attack
Surface and Exploitation
This vulnerability can be triggered locally by an attacker who can cause ext4 extended attribute operations. The prerequisite is the ability to manipulate extended attributes on an ext4 filesystem. No special privileges are required beyond normal file access permissions, making it exploitable from userspace.
Impact
An attacker exploiting this flaw could cause the kernel to call kvfree() on a pointer not allocated by kvmalloc(), leading to memory corruption or kernel panic. Alternatively, the buffer may not be freed when it should be, resulting in a memory leak. Both scenarios can lead to system instability or denial of service.
Mitigation
The issue has been fixed in the Linux kernel through stable commits [1][2][3][4]. Users should apply the latest stable kernel updates to mitigate the vulnerability.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
976887be2a961f30f3391d089ba04d6af5ac41a8822343e678beaa3cb293ac5fa4eedddd1a18670395e5fb2fab1807d26b87c7cdf2bedVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
9- git.kernel.org/stable/c/1a8822343e67432b658145d2760a524c884da9d4nvd
- git.kernel.org/stable/c/76887be2a96193cd11be818551b8934ecdb3123fnvd
- git.kernel.org/stable/c/8beaa3cb293a8f7bacf711cf52201d59859dbc40nvd
- git.kernel.org/stable/c/a18670395e5f28acddeca037c5e4bd2ea961b70anvd
- git.kernel.org/stable/c/b2fab1807d26acd1c6115b95b5eddd697d84751bnvd
- git.kernel.org/stable/c/b87c7cdf2bed4928b899e1ce91ef0d147017ba45nvd
- git.kernel.org/stable/c/ba04d6af5ac440a6d5a2d35dc1d8e2cb0323550anvd
- git.kernel.org/stable/c/c5fa4eedddd1c8342ce533cb401c0e693e55b4e3nvd
- git.kernel.org/stable/c/f30f3391d089dc91aef91d08f4b04a6c0df2b067nvd
News mentions
0No linked articles in our index yet.