CVE-2023-53091

MEDIUM

Linux Kernel < 5.15.104 - NULL Pointer Dereference in ext4 Journal Replay

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: update s_journal_inum if it changes after journal replay When mounting a crafted ext4 image, s_journal_inum may change after journal replay, which is obviously unreasonable because we have successfully loaded and replayed the journal through the old s_journal_inum. And the new s_journal_inum bypasses some of the checks in ext4_get_journal(), which may trigger a null pointer dereference problem. So if s_journal_inum changes after the journal replay, we ignore the change, and rewrite the current journal_inum to the superblock.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/499fef2030fb754c68b1c7cb3a799a3bc1d0d925

Patch

https://git.kernel.org/stable/c/70e66bdeae4d0f7c8e87762f425b68aedd5e8955

Patch

https://git.kernel.org/stable/c/ee0c5277d4fab920bd31345c49e193ecede9ecef

Patch

https://git.kernel.org/stable/c/3039d8b8692408438a618fac2776b629852663c3

Scores

CVSS v3 5.5

EPSS 0.0017

EPSS Percentile 6.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (21)

Linux/Linux < 5.2

Linux/Linux 2fd4629de51974002f4e9cf1a35a1926dd6c9d99

Linux/Linux 3.16.85 - 3.17

Linux/Linux 345c0dbf3a30872d9b204db96b5857cd00808cae - 3039d8b8692408438a618fac2776b629852663c3

Linux/Linux 345c0dbf3a30872d9b204db96b5857cd00808cae - 499fef2030fb754c68b1c7cb3a799a3bc1d0d925

Linux/Linux 345c0dbf3a30872d9b204db96b5857cd00808cae - 70e66bdeae4d0f7c8e87762f425b68aedd5e8955

Linux/Linux 345c0dbf3a30872d9b204db96b5857cd00808cae - ee0c5277d4fab920bd31345c49e193ecede9ecef

Linux/Linux 4.14.178 - 4.15

Linux/Linux 4.19.73 - 4.20

Linux/Linux 4.4.221 - 4.5

... and 11 more

Published May 02, 2025

Tracked Since Feb 18, 2026