{ "threat_severity" : "Low", "public_date" : "2025-12-24T00:00:00Z", "bugzilla" : { "description" : "kernel: ext4: set goal start correctly in ext4_mb_normalize_request", "id" : "2424989", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2424989" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-191", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\next4: set goal start correctly in ext4_mb_normalize_request\nWe need to set ac_g_ex to notify the goal start used in\next4_mb_find_by_goal. Set ac_g_ex instead of ac_f_ex in\next4_mb_normalize_request.\nBesides we should assure goal start is in range [first_data_block,\nblocks_count) as ext4_mb_initialize_context does.\n[ Added a check to make sure size is less than ar->pright; otherwise\nwe could end up passing an underflowed value of ar->pright - size to\next4_get_group_no_and_offset(), which will trigger a BUG_ON later on.\n- TYT ]", "A flaw was found in the Linux kernel's ext4 filesystem block allocator. In ext4_mb_normalize_request(), the goal start was being set incorrectly (ac_f_ex instead of ac_g_ex), and boundary validation was missing. Without proper range checking, an underflow in ar->pright - size could pass an invalid value to ext4_get_group_no_and_offset(), triggering a BUG_ON assertion and crashing the kernel." ], "statement" : "This flaw affects ext4 filesystems during block allocation operations. The incorrect variable assignment and missing bounds check can cause a kernel crash when specific allocation patterns trigger the underflow condition. The issue manifests during normal filesystem operations like file creation or extension, making it potentially triggerable by regular users writing to ext4 filesystems.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54021\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54021\nhttps://lore.kernel.org/linux-cve-announce/2025122433-CVE-2023-54021-15bf@gregkh/T" ], "name" : "CVE-2023-54021", "csaw" : false }