CVE-2023-54305
Description
In the Linux kernel, the following vulnerability has been resolved:
ext4: refuse to create ea block when umounted
The ea block expansion needs to access s_root while it is already set as NULL when umount is triggered. Refuse this request to avoid panic.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's ext4 filesystem, a panic occurs when expanding an extended attribute block during unmount, fixed by refusing the request.
Root Cause
The vulnerability resides in the ext4 filesystem's extended attribute (ea) block expansion code. During unmount, the s_root pointer in the superblock is set to NULL. However, the ea block expansion routine accesses s_root without a NULL check, leading to a NULL pointer dereference and kernel panic.
Exploitation
Exploitation requires triggering an ea block expansion while the filesystem is in the process of being unmounted. An attacker with local access could cause this condition if a process holds an open file descriptor with extended attributes and the unmount is initiated concurrently, creating a race window. No special privileges beyond local access are needed.
Impact
Successful exploitation results in a denial of service (system crash) due to a kernel panic. There is no evidence of privilege escalation or data corruption.
Mitigation
The fix is to refuse the creation of ea blocks when the filesystem is unmounted. Patches have been applied to the stable kernel tree (references [1], [2], [3]). Users should update to a kernel version containing the fix.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 8
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- git.kernel.org/stable/c/05cbf6ddd9847c7b4f0662c048f195b09405a9d0 (nvd)
- git.kernel.org/stable/c/0dc0fa313bb4e86382a3e7125429710d44383196 (nvd)
- git.kernel.org/stable/c/116008ada3d0de4991099edaf6b8c2e9cd6f225a (nvd)
- git.kernel.org/stable/c/21f6a80d9234422e2eb445734b22c78fc5bf6719 (nvd)
- git.kernel.org/stable/c/a458a8c1d1fc4e10a1813786132b09a3863ad3f2 (nvd)
- git.kernel.org/stable/c/a92b67e768bde433b9385cde56c09deb58db269e (nvd)
- git.kernel.org/stable/c/aedea161d031502a423ed1c7597754681a4f8cda (nvd)
- git.kernel.org/stable/c/f31173c19901a96bb2ebf6bcfec8a08df7095c91 (nvd)