CVE-2023-54021

In the Linux kernel, the following vulnerability has been resolved:

ext4: set goal start correctly in ext4_mb_normalize_request

We need to set ac_g_ex to notify the goal start used in
ext4_mb_find_by_goal. Set ac_g_ex instead of ac_f_ex in
ext4_mb_normalize_request.
Besides we should assure goal start is in range [first_data_block,
blocks_count) as ext4_mb_initialize_context does.

[ Added a check to make sure size is less than ar->pright; otherwise
  we could end up passing an underflowed value of ar->pright - size to
  ext4_get_group_no_and_offset(), which will trigger a BUG_ON later on.
  - TYT ]
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.247-1
fixed
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.158-1
fixed
trixie
6.12.57-1
fixed
trixie (security)
6.12.48-1
fixed
forky
6.17.12-1
fixed
sid
6.17.13-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/2479bb6cbdb4d56b807bbe5229e3e26a6f1f4530
https://git.kernel.org/stable/c/390eee955d4de4662db5e3e9e9a9eae020432cb7
https://git.kernel.org/stable/c/3ca3005b502ca8ea87d6a344323b179b48c4e4a3
https://git.kernel.org/stable/c/abb330ffaa3a0ae7ce632e28c9260b461c01f19f
https://git.kernel.org/stable/c/b07ffe6927c75d99af534d685282ea188d9f71a6
https://git.kernel.org/stable/c/bc4a3e1d07a86ae5845321d371190244acacb2f2
https://git.kernel.org/stable/c/c6bee8970075b256fc1b07bf4873049219380818
https://git.kernel.org/stable/c/cee78217a7ae72d11c2e21e1a5263b8044489823