CVE-2023-53091

Summary

In the Linux kernel, the following vulnerability has been resolved:

ext4: update s_journal_inum if it changes after journal replay

When mounting a crafted ext4 image, s_journal_inum may change after journal replay, which is obviously unreasonable because we have successfully loaded and replayed the journal through the old s_journal_inum. And the new s_journal_inum bypasses some of the checks in ext4_get_journal(), which may trigger a null pointer dereference problem. So if s_journal_inum changes after the journal replay, we ignore the change, and rewrite the current journal_inum to the superblock.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux345c0dbf3a30872d9b204db96b5857cd00808cae < 499fef2030fb754c68b1c7cb3a799a3bc1d0d925affected
LinuxLinux345c0dbf3a30872d9b204db96b5857cd00808cae < 70e66bdeae4d0f7c8e87762f425b68aedd5e8955affected
LinuxLinux345c0dbf3a30872d9b204db96b5857cd00808cae < ee0c5277d4fab920bd31345c49e193ecede9ecefaffected
LinuxLinux345c0dbf3a30872d9b204db96b5857cd00808cae < 3039d8b8692408438a618fac2776b629852663c3affected
LinuxLinux51890201da4d654f6ca131bc45a0e892bb10de1daffected
LinuxLinux7eff961ca9f364be255d279346517ba0158ec8e3affected
LinuxLinuxa9855260fe8d8680bf8c4f0d8303b696c861e99baffected
LinuxLinux795762468125a6412c089651e74f780bee154118affected
LinuxLinux2fd4629de51974002f4e9cf1a35a1926dd6c9d99affected
LinuxLinux3.16.85 < 3.17affected
LinuxLinux4.4.221 < 4.5affected
LinuxLinux4.9.221 < 4.10affected
LinuxLinux4.14.178 < 4.15affected
LinuxLinux4.19.73 < 4.20affected
LinuxLinux5.2affected
LinuxLinux0 < 5.2unaffected
LinuxLinux5.15.104 <= 5.15.*unaffected
LinuxLinux6.1.21 <= 6.1.*unaffected
LinuxLinux6.2.8 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References