{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53285","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-16T08:09:37.991Z","datePublished":"2025-09-16T08:11:18.585Z","dateUpdated":"2026-05-11T19:41:59.032Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:41:59.032Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: add bounds checking in get_max_inline_xattr_value_size()\n\nNormally the extended attributes in the inode body would have been\nchecked when the inode is first opened, but if someone is writing to\nthe block device while the file system is mounted, it's possible for\nthe inode table to get corrupted.  Add bounds checking to avoid\nreading beyond the end of allocated memory if this happens."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/inline.c"],"versions":[{"version":"67cf5b09a46f72e048501b84996f2f77bc42e947","lessThan":"5a229d21b98d132673096710e8281ef522dab1d1","status":"affected","versionType":"git"},{"version":"67cf5b09a46f72e048501b84996f2f77bc42e947","lessThan":"3d7b8fbcd2273e2b9f4c6de5ce2f4c0cd3cb1205","status":"affected","versionType":"git"},{"version":"67cf5b09a46f72e048501b84996f2f77bc42e947","lessThan":"486efbbc9445dca7890a1b86adbccb88b91284b0","status":"affected","versionType":"git"},{"version":"67cf5b09a46f72e048501b84996f2f77bc42e947","lessThan":"4597554b4f7b29e7fd78aa449bab648f8da4ee2c","status":"affected","versionType":"git"},{"version":"67cf5b09a46f72e048501b84996f2f77bc42e947","lessThan":"f22b274429e88d3dc7e79d375b56ce4f2f59f0b4","status":"affected","versionType":"git"},{"version":"67cf5b09a46f72e048501b84996f2f77bc42e947","lessThan":"1d2caddbeeee56fbbc36b428c5b909c3ad88eb7f","status":"affected","versionType":"git"},{"version":"67cf5b09a46f72e048501b84996f2f77bc42e947","lessThan":"e780058bd75614b66882bc02620ddbd884171560","status":"affected","versionType":"git"},{"version":"67cf5b09a46f72e048501b84996f2f77bc42e947","lessThan":"88a06a94942c5c0a896e9da1113a6bb29e36cbef","status":"affected","versionType":"git"},{"version":"67cf5b09a46f72e048501b84996f2f77bc42e947","lessThan":"2220eaf90992c11d888fe771055d4de330385f01","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/inline.c"],"versions":[{"version":"3.8","status":"affected"},{"version":"0","lessThan":"3.8","status":"unaffected","versionType":"semver"},{"version":"4.14.315","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.283","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.243","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.180","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.112","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.29","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.16","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3.3","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"4.14.315"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"4.19.283"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.4.243"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.10.180"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.15.112"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"6.1.29"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"6.2.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"6.3.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"6.4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5a229d21b98d132673096710e8281ef522dab1d1"},{"url":"https://git.kernel.org/stable/c/3d7b8fbcd2273e2b9f4c6de5ce2f4c0cd3cb1205"},{"url":"https://git.kernel.org/stable/c/486efbbc9445dca7890a1b86adbccb88b91284b0"},{"url":"https://git.kernel.org/stable/c/4597554b4f7b29e7fd78aa449bab648f8da4ee2c"},{"url":"https://git.kernel.org/stable/c/f22b274429e88d3dc7e79d375b56ce4f2f59f0b4"},{"url":"https://git.kernel.org/stable/c/1d2caddbeeee56fbbc36b428c5b909c3ad88eb7f"},{"url":"https://git.kernel.org/stable/c/e780058bd75614b66882bc02620ddbd884171560"},{"url":"https://git.kernel.org/stable/c/88a06a94942c5c0a896e9da1113a6bb29e36cbef"},{"url":"https://git.kernel.org/stable/c/2220eaf90992c11d888fe771055d4de330385f01"}],"title":"ext4: add bounds checking in get_max_inline_xattr_value_size()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-53285","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2026-01-14T18:09:24.423172Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","description":"CWE-noinfo Not enough information"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T18:12:55.248Z"}}]}}