What is CVE-2023-54062?

CVE-2023-54062 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 4.14.308 onward and patched in 4.14.315, 4.19.283, 5.4.243 and others. CVE-2023-54062 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-54062?

CVE-2023-54062 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-54062?

Yes, CVE-2023-54062 has been patched. Fixed versions include 4.14.315, 4.19.283, 5.4.243 and others. If you are running Linux kernel 4.14.308 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-54062 actively exploited?

CVE-2023-54062 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-54062

In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4_xattr_move_to_block() In ext4_xattr_move_to_block(), the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc() if the value is stored in an external inode. So at the end of the function the code tried to check if this was the case by testing entry->e_value_inum. However, at this point, the pointer to the xattr entry is no longer valid, because it was removed from the original location where it had been stored. So we could end up calling kvfree() on a pointer which was not allocated by kvmalloc(); or we could also potentially leak memory by not freeing the buffer when it should be freed. Fix this by storing whether it should be freed in a separate variable.

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 4.14.308, 4.19.276, 5.4.235, 5.10.173, 5.15.99, 6.1.16, 6.2.3, 6.3 and later are affected. Fixed in 4.14.315, 4.19.283, 5.4.243, 5.10.180, 5.15.112, 6.1.29, 6.2.16, 6.3.3, 6.4 and their respective stable series.

Affected from

≥ 4.14.308 ≥ 4.19.276 ≥ 5.4.235 ≥ 5.10.173 ≥ 5.15.99 ≥ 6.1.16 ≥ 6.2.3 ≥ 6.3

Fixed in

✓ 4.14.315 4.14.x ✓ 4.19.283 4.19.x ✓ 5.4.243 5.4.x ✓ 5.10.180 5.10.x ✓ 5.15.112 5.15.x ✓ 6.1.29 6.1.x ✓ 6.2.16 6.2.x ✓ 6.3.3 6.3.x ✓ 6.4

References

The following references provide additional information about CVE-2023-54062 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/1a8822343e67432b658145d2760a524c884da9d4
Patch
Kernel patch commit
https://git.kernel.org/stable/c/76887be2a96193cd11be818551b8934ecdb3123f
Patch
Kernel patch commit
https://git.kernel.org/stable/c/8beaa3cb293a8f7bacf711cf52201d59859dbc40
Patch

9 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-54062?

CVE-2023-54062 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.14.308 onward and has been patched in 4.14.315, 4.19.283, 5.4.243 and others. CVE-2023-54062 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-54062?

Yes — CVE-2023-54062 has been patched. Fixed versions include 4.14.315, 4.19.283, 5.4.243 and others. If you are running Linux kernel 4.14.308 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-54062 actively exploited?

No — CVE-2023-54062 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.