#VU108486 Input validation error in Linux kernel - CVE-2023-53143
Published: May 4, 2025 / Updated: May 10, 2025
Vulnerability identifier: #VU108486
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-53143
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ext4_getfsmap_datadev() function in fs/ext4/fsmap.c.
Remediation
Install the update from the vendor's website.
External links
- https://git.kernel.org/stable/c/15ebade3266b300da9cd1edce4004fe8fd6a2b88
- https://git.kernel.org/stable/c/1d2366624b4c19a2ba6baf67fe57f4a1b0f67c05
- https://git.kernel.org/stable/c/a70b49dc7eee5dbe3775a650ce598e3557ff5475
- https://git.kernel.org/stable/c/c24f838493792b5e78a3596b4ca96375aa0af4c2
- https://git.kernel.org/stable/c/c5d7c31e17224d847a330180ec1b03bf390632b2
- https://git.kernel.org/stable/c/c993799baf9c5861f8df91beb80e1611b12efcbd
- https://git.kernel.org/stable/c/eb3a695aa71a514f2e7f5778e05faba3733b70a0
- https://git.kernel.org/stable/c/f16054ac1774915160ca4e1c73ff7a269465a1b9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.278