CVE-2023-53285

ext4: add bounds checking in get_max_inline_xattr_value_size()

Published: 9/16/2025 Last updated: 1/14/2026 Reserved: 9/16/2025

In the Linux kernel, the following vulnerability has been resolved: ext4: add bounds checking in get_max_inline_xattr_value_size() Normally the extended attributes in the inode body would have been checked when the inode is first opened, but if someone is writing to the block device while the file system is mounted, it's possible for the inode table to get corrupted. Add bounds checking to avoid reading beyond the end of allocated memory if this happens.

CNA assigner: Linux (416baaa9-dc9f-4396-8d5f-8c081fb06d67) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	7.8	High	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (28)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (4)

Product	Vendor	Version
Linux	Linux	12.2.1
Linux	Linux	< 6482c3dccbfb8d20e2856ce67c75856859930b3f
Linux	Linux	< V2406.0003
Linux	Linux	< V7.1.0.014

CVE-2023-53285

ext4: add bounds checking in get_max_inline_xattr_value_size()

Metrics

Opam packages affected (28)

Products affected (4)

References (18)