CVE-2023-54021
ext4: set goal start correctly in ext4_mb_normalize_request
Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: set goal start correctly in ext4_mb_normalize_request

We need to set ac_g_ex to notify the goal start used in ext4_mb_find_by_goal. Set ac_g_ex instead of ac_f_ex in ext4_mb_normalize_request. Besides we should assure goal start is in range [first_data_block, blocks_count) as ext4_mb_initialize_context does.

[ Added a check to make sure size is less than ar->pright; otherwise we could end up passing an underflowed value of ar->pright - size to ext4_get_group_no_and_offset(), which will trigger a BUG_ON later on. - TYT ]

INFO

Published Date: Dec. 24, 2025, 11:15 a.m.
Last Modified: Dec. 24, 2025, 11:15 a.m.
Remotely Exploitable: No
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2023-54021 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recorded yet

Solution
Update the Linux kernel to patch the ext4 module to ensure correct goal start setting.
  • Apply the latest Linux kernel updates.
  • Ensure ext4 module goal start is correctly set.
  • Verify goal start is within the valid range.
  • Check for underflowed values passed to ext4 functions.

The following table lists the changes that have been made to the CVE-2023-54021 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 24, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4_mb_normalize_request We need to set ac_g_ex to notify the goal start used in ext4_mb_find_by_goal. Set ac_g_ex instead of ac_f_ex in ext4_mb_normalize_request. Besides we should assure goal start is in range [first_data_block, blocks_count) as ext4_mb_initialize_context does. [ Added a check to make sure size is less than ar->pright; otherwise we could end up passing an underflowed value of ar->pright - size to ext4_get_group_no_and_offset(), which will trigger a BUG_ON later on. - TYT ]
    Added Reference https://git.kernel.org/stable/c/2479bb6cbdb4d56b807bbe5229e3e26a6f1f4530
    Added Reference https://git.kernel.org/stable/c/390eee955d4de4662db5e3e9e9a9eae020432cb7
    Added Reference https://git.kernel.org/stable/c/3ca3005b502ca8ea87d6a344323b179b48c4e4a3
    Added Reference https://git.kernel.org/stable/c/abb330ffaa3a0ae7ce632e28c9260b461c01f19f
    Added Reference https://git.kernel.org/stable/c/b07ffe6927c75d99af534d685282ea188d9f71a6
    Added Reference https://git.kernel.org/stable/c/bc4a3e1d07a86ae5845321d371190244acacb2f2
    Added Reference https://git.kernel.org/stable/c/c6bee8970075b256fc1b07bf4873049219380818
    Added Reference https://git.kernel.org/stable/c/cee78217a7ae72d11c2e21e1a5263b8044489823
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.