CVE-2023-54069

EUVD-2023-60257
In the Linux kernel, the following vulnerability has been resolved:

ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow

When we calculate the end position of ext4_free_extent, this position may
be exactly where ext4_lblk_t (i.e. uint) overflows. For example, if
ac_g_ex.fe_logical is 4294965248 and ac_orig_goal_len is 2048, then the
computed end is 0x100000000, which is 0. If ac->ac_o_ex.fe_logical is not
the first case of adjusting the best extent, that is, new_bex_end > 0, the
following BUG_ON will be triggered:

=========================================================
kernel BUG at fs/ext4/mballoc.c:5116!
invalid opcode: 0000 [#1] PREEMPT SMP PTI
CPU: 3 PID: 673 Comm: xfs_io Tainted: G E 6.5.0-rc1+ #279
RIP: 0010:ext4_mb_new_inode_pa+0xc5/0x430
Call Trace:
 <TASK>
 ext4_mb_use_best_found+0x203/0x2f0
 ext4_mb_try_best_found+0x163/0x240
 ext4_mb_regular_allocator+0x158/0x1550
 ext4_mb_new_blocks+0x86a/0xe10
 ext4_ext_map_blocks+0xb0c/0x13a0
 ext4_map_blocks+0x2cd/0x8f0
 ext4_iomap_begin+0x27b/0x400
 iomap_iter+0x222/0x3d0
 __iomap_dio_rw+0x243/0xcb0
 iomap_dio_rw+0x16/0x80
=========================================================

A simple reproducer demonstrating the problem:

	mkfs.ext4 -F /dev/sda -b 4096 100M
	mount /dev/sda /tmp/test
	fallocate -l1M /tmp/test/tmp
	fallocate -l10M /tmp/test/file
	fallocate -i -o 1M -l16777203M /tmp/test/file
	fsstress -d /tmp/test -l 0 -n 100000 -p 8 &
	sleep 10 && killall -9 fsstress
	rm -f /tmp/test/tmp
	xfs_io -c "open -ad /tmp/test/file" -c "pwrite -S 0xff 0 8192"

We simply refactor the logic for adjusting the best extent by adding
a temporary ext4_free_extent ex and use extent_logical_end() to avoid
overflow, which also simplifies the code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.158-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.247-1
fixed
forky
6.17.12-1
fixed
sid
6.17.13-1
fixed
trixie
6.12.57-1
fixed
trixie (security)
6.12.48-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
trusty
needs-triage
xenial
needs-triage
linux-hwe
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
xenial
needs-triage
linux-hwe-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-hwe-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-hwe-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-hwe-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-hwe-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-hwe-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-hwe-edge
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
xenial
ignored
linux-lts-xenial
jammy
dne
noble
dne
plucky
dne
questing
dne
trusty
needs-triage
linux-kvm
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
xenial
needs-triage
linux-allwinner-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-aws
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
trusty
needs-triage
xenial
needs-triage
linux-aws-5.0
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.3
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-aws-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-aws-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-aws-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-aws-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-aws-hwe
jammy
dne
noble
dne
plucky
dne
questing
dne
xenial
needs-triage
linux-azure
bionic
ignored
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
trusty
needs-triage
xenial
needs-triage
linux-azure-4.15
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.3
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-azure-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-azure-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-azure-fde
focal
ignored
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
dne
linux-azure-fde-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-fde-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-fde-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-fde-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-azure-fde-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-azure-nvidia
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-azure-nvidia-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-bluefield
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-edge
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-fips
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
xenial
needs-triage
linux-aws-fips
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-azure-fips
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-gcp-fips
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-gcp
bionic
ignored
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
linux-gcp-4.15
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.3
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-gcp-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-gcp-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-gcp-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-gcp-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-gcp-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-gke
focal
ignored
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-gke-4.15
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gke-5.4
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gke-5.15
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gkeop
focal
ignored
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-gkeop-5.4
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gkeop-5.15
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-ibm
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-ibm-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-ibm-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-ibm-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-intel-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-intel-iotg
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-intel-iotg-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-iot
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-intel-iot-realtime
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-lowlatency
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-lowlatency-hwe-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-nvidia
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-nvidia-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-nvidia-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-nvidia-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-nvidia-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-nvidia-lowlatency
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-nvidia-tegra
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-nvidia-tegra-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-nvidia-tegra-igx
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-oracle
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
linux-oracle-5.0
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.3
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oracle-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-oracle-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-oem
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.6
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.10
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.14
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.17
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oem-6.0
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oem-6.1
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oem-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oem-6.8
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-oem-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-oem-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-oem-6.17
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-raspi
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
linux-raspi2
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-raspi-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-raspi-realtime
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-realtime
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
linux-realtime-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-realtime-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-riscv
focal
ignored
jammy
ignored
noble
ignored
plucky
needs-triage
questing
needs-triage
linux-riscv-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-riscv-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-riscv-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-riscv-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-riscv-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-riscv-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-riscv-6.14
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-starfive-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-starfive-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-starfive-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-xilinx
jammy
dne
noble
needs-triage
plucky
needs-triage
questing
dne
linux-xilinx-zynqmp
focal
needs-triage
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/58fe961c606c446f5612f6897827b1cac42c2e89
https://git.kernel.org/stable/c/83ecffd40c65844a73c2e93d7c841455786605ac
https://git.kernel.org/stable/c/b7e9ec38b6a0beb5a49cd1e76be0a9a07c218e90
https://git.kernel.org/stable/c/bc056e7163ac7db945366de219745cf94f32a3e6
https://git.kernel.org/stable/c/f2c3a3aa6f11ad9878dbc3a067b0633e07b586c1
https://git.kernel.org/stable/c/fcefddf3a151b2c416b20120c06bb1ba9ad676fb