{"id":"CVE-2023-54062","summary":"ext4: fix invalid free tracking in ext4_xattr_move_to_block()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix invalid free tracking in ext4_xattr_move_to_block()\n\nIn ext4_xattr_move_to_block(), the value of the extended attribute\nwhich we need to move to an external block may be allocated by\nkvmalloc() if the value is stored in an external inode.  So at the end\nof the function the code tried to check if this was the case by\ntesting entry-\u003ee_value_inum.\n\nHowever, at this point, the pointer to the xattr entry is no longer\nvalid, because it was removed from the original location where it had\nbeen stored.  So we could end up calling kvfree() on a pointer which\nwas not allocated by kvmalloc(); or we could also potentially leak\nmemory by not freeing the buffer when it should be freed.  Fix this by\nstoring whether it should be freed in a separate variable.","modified":"2026-03-20T12:33:25.505317Z","published":"2025-12-24T12:23:08.649Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54062.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1a8822343e67432b658145d2760a524c884da9d4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/76887be2a96193cd11be818551b8934ecdb3123f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8beaa3cb293a8f7bacf711cf52201d59859dbc40"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a18670395e5f28acddeca037c5e4bd2ea961b70a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b2fab1807d26acd1c6115b95b5eddd697d84751b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b87c7cdf2bed4928b899e1ce91ef0d147017ba45"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ba04d6af5ac440a6d5a2d35dc1d8e2cb0323550a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c5fa4eedddd1c8342ce533cb401c0e693e55b4e3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f30f3391d089dc91aef91d08f4b04a6c0df2b067"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54062.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-54062"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c7851208abffe5ae4deb01cf48763911dc14fc67"},{"fixed":"76887be2a96193cd11be818551b8934ecdb3123f"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f5cdc6a7339f250d44d4d469ed7a474ac0d6c7a7"},{"fixed":"f30f3391d089dc91aef91d08f4b04a6c0df2b067"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3b28c799a1334adb5a19f42f03abe0d8cbb05938"},{"fixed":"ba04d6af5ac440a6d5a2d35dc1d8e2cb0323550a"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d738789ae9ec47d3458a008788f3cdc862ebf0cb"},{"fixed":"1a8822343e67432b658145d2760a524c884da9d4"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a6744e14ce7045ab1a728bde9595f62fbd39f1d2"},{"fixed":"8beaa3cb293a8f7bacf711cf52201d59859dbc40"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8b6d06b3be7648b3b0f428558293ddf6e2cb94bf"},{"fixed":"c5fa4eedddd1c8342ce533cb401c0e693e55b4e3"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d2efaf8c870c7067b8d1779773134f3481cd8f68"},{"fixed":"a18670395e5f28acddeca037c5e4bd2ea961b70a"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1e9d62d252812575ded7c620d8fc67c32ff06c16"},{"fixed":"b2fab1807d26acd1c6115b95b5eddd697d84751b"},{"fixed":"b87c7cdf2bed4928b899e1ce91ef0d147017ba45"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54062.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.315"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.283"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.243"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.180"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.112"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.29"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.2.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.3.0"},{"fixed":"6.3.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54062.json"}}],"schema_version":"1.7.5"}