Vulnerability-Lookup

RHBA-2024:9014

Vulnerability from csaf_redhat - Published: 2024-11-07 15:10 - Updated: 2026-03-17 11:57

Summary

Red Hat Bug Fix Advisory: updated el9/flatpak-sdk container image

Severity

Low

Notes

Topic: Updated el9/flatpak-sdk container image is now available for Red Hat Enterprise Linux 9.

Details: The el9/flatpak-sdk container image has been updated for Red Hat Enterprise Linux 9 to address the following security advisory: RHSA-2024:8617 (see References) Users of el9/flatpak-sdk container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory in Red Hat Container Catalog (see References).

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-54153

In the Linux kernel, the following vulnerability has been resolved: ext4: turn quotas off if mount failed after enabling quotas Yi found during a review of the patch "ext4: don't BUG on inconsistent journal feature" that when ext4_mark_recovery_complete() returns an error value, the error handling path does not turn off the enabled quotas, which triggers the following kmemleak: ================================================================ unreferenced object 0xffff8cf68678e7c0 (size 64): comm "mount", pid 746, jiffies 4294871231 (age 11.540s) hex dump (first 32 bytes): 00 90 ef 82 f6 8c ff ff 00 00 00 00 41 01 00 00 ............A... c7 00 00 00 bd 00 00 00 0a 00 00 00 48 00 00 00 ............H... backtrace: [<00000000c561ef24>] __kmem_cache_alloc_node+0x4d4/0x880 [<00000000d4e621d7>] kmalloc_trace+0x39/0x140 [<00000000837eee74>] v2_read_file_info+0x18a/0x3a0 [<0000000088f6c877>] dquot_load_quota_sb+0x2ed/0x770 [<00000000340a4782>] dquot_load_quota_inode+0xc6/0x1c0 [<0000000089a18bd5>] ext4_enable_quotas+0x17e/0x3a0 [ext4] [<000000003a0268fa>] __ext4_fill_super+0x3448/0x3910 [ext4] [<00000000b0f2a8a8>] ext4_fill_super+0x13d/0x340 [ext4] [<000000004a9489c4>] get_tree_bdev+0x1dc/0x370 [<000000006e723bf1>] ext4_get_tree+0x1d/0x30 [ext4] [<00000000c7cb663d>] vfs_get_tree+0x31/0x160 [<00000000320e1bed>] do_new_mount+0x1d5/0x480 [<00000000c074654c>] path_mount+0x22e/0xbe0 [<0000000003e97a8e>] do_mount+0x95/0xc0 [<000000002f3d3736>] __x64_sys_mount+0xc4/0x160 [<0000000027d2140c>] do_syscall_64+0x3f/0x90 ================================================================ To solve this problem, we add a "failed_mount10" tag, and call ext4_quota_off_umount() in this tag to release the enabled qoutas.

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-772 - Missing Release of Resource after Effective Lifetime

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:rhel9/flatpak-sdk@sha256:9a63aa98a01d682cad15bba49376a3b0c05c6402f0c8d9f16c5d4d68e840c482_amd64		—	Vendor Fix fix

Threats

Impact Low

References

30 references

URL	Category
https://access.redhat.com/errata/RHBA-2024:9014	self
https://access.redhat.com/errata/RHSA-2024:8617	external
https://catalog.redhat.com/software/containers/re…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2268118	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270100	external
https://bugzilla.redhat.com/show_bug.cgi?id=2275604	external
https://bugzilla.redhat.com/show_bug.cgi?id=2277171	external
https://bugzilla.redhat.com/show_bug.cgi?id=2278176	external
https://bugzilla.redhat.com/show_bug.cgi?id=2278235	external
https://bugzilla.redhat.com/show_bug.cgi?id=2282357	external
https://bugzilla.redhat.com/show_bug.cgi?id=2293654	external
https://bugzilla.redhat.com/show_bug.cgi?id=2296067	external
https://bugzilla.redhat.com/show_bug.cgi?id=2297476	external
https://bugzilla.redhat.com/show_bug.cgi?id=2297488	external
https://bugzilla.redhat.com/show_bug.cgi?id=2297515	external
https://bugzilla.redhat.com/show_bug.cgi?id=2297544	external
https://bugzilla.redhat.com/show_bug.cgi?id=2297556	external
https://bugzilla.redhat.com/show_bug.cgi?id=2297561	external
https://bugzilla.redhat.com/show_bug.cgi?id=2297579	external
https://bugzilla.redhat.com/show_bug.cgi?id=2297582	external
https://bugzilla.redhat.com/show_bug.cgi?id=2297589	external
https://bugzilla.redhat.com/show_bug.cgi?id=2300296	external
https://bugzilla.redhat.com/show_bug.cgi?id=2300297	external
https://bugzilla.redhat.com/show_bug.cgi?id=2311715	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-54153	self
https://bugzilla.redhat.com/show_bug.cgi?id=2425153	external
https://www.cve.org/CVERecord?id=CVE-2023-54153	external
https://nvd.nist.gov/vuln/detail/CVE-2023-54153	external
https://lore.kernel.org/linux-cve-announce/202512…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated el9/flatpak-sdk container image is now available for Red Hat Enterprise Linux 9.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The el9/flatpak-sdk container image has been updated for Red Hat Enterprise Linux 9 to address the following security advisory: RHSA-2024:8617 (see References)\n\nUsers of el9/flatpak-sdk container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHBA-2024:9014",
        "url": "https://access.redhat.com/errata/RHBA-2024:9014"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/errata/RHSA-2024:8617",
        "url": "https://access.redhat.com/errata/RHSA-2024:8617"
      },
      {
        "category": "external",
        "summary": "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/el9/flatpak-sdk",
        "url": "https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/el9/flatpak-sdk"
      },
      {
        "category": "external",
        "summary": "2268118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268118"
      },
      {
        "category": "external",
        "summary": "2270100",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270100"
      },
      {
        "category": "external",
        "summary": "2275604",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275604"
      },
      {
        "category": "external",
        "summary": "2277171",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277171"
      },
      {
        "category": "external",
        "summary": "2278176",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278176"
      },
      {
        "category": "external",
        "summary": "2278235",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278235"
      },
      {
        "category": "external",
        "summary": "2282357",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282357"
      },
      {
        "category": "external",
        "summary": "2293654",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293654"
      },
      {
        "category": "external",
        "summary": "2296067",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296067"
      },
      {
        "category": "external",
        "summary": "2297476",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297476"
      },
      {
        "category": "external",
        "summary": "2297488",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297488"
      },
      {
        "category": "external",
        "summary": "2297515",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297515"
      },
      {
        "category": "external",
        "summary": "2297544",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297544"
      },
      {
        "category": "external",
        "summary": "2297556",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297556"
      },
      {
        "category": "external",
        "summary": "2297561",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297561"
      },
      {
        "category": "external",
        "summary": "2297579",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297579"
      },
      {
        "category": "external",
        "summary": "2297582",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297582"
      },
      {
        "category": "external",
        "summary": "2297589",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297589"
      },
      {
        "category": "external",
        "summary": "2300296",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300296"
      },
      {
        "category": "external",
        "summary": "2300297",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300297"
      },
      {
        "category": "external",
        "summary": "2311715",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311715"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_9014.json"
      }
    ],
    "title": "Red Hat Bug Fix Advisory: updated el9/flatpak-sdk container image",
    "tracking": {
      "current_release_date": "2026-03-17T11:57:05+00:00",
      "generator": {
        "date": "2026-03-17T11:57:05+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHBA-2024:9014",
      "initial_release_date": "2024-11-07T15:10:30+00:00",
      "revision_history": [
        {
          "date": "2024-11-07T15:10:30+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-11-07T15:10:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-17T11:57:05+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.4.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhel9/flatpak-sdk@sha256:9a63aa98a01d682cad15bba49376a3b0c05c6402f0c8d9f16c5d4d68e840c482_amd64",
                "product": {
                  "name": "rhel9/flatpak-sdk@sha256:9a63aa98a01d682cad15bba49376a3b0c05c6402f0c8d9f16c5d4d68e840c482_amd64",
                  "product_id": "rhel9/flatpak-sdk@sha256:9a63aa98a01d682cad15bba49376a3b0c05c6402f0c8d9f16c5d4d68e840c482_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/flatpak-sdk@sha256:9a63aa98a01d682cad15bba49376a3b0c05c6402f0c8d9f16c5d4d68e840c482?arch=amd64\u0026repository_url=registry.redhat.io/rhel9/flatpak-sdk\u0026tag=el9-9040020240312160503.1730252513"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhel9/flatpak-sdk@sha256:9a63aa98a01d682cad15bba49376a3b0c05c6402f0c8d9f16c5d4d68e840c482_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:rhel9/flatpak-sdk@sha256:9a63aa98a01d682cad15bba49376a3b0c05c6402f0c8d9f16c5d4d68e840c482_amd64"
        },
        "product_reference": "rhel9/flatpak-sdk@sha256:9a63aa98a01d682cad15bba49376a3b0c05c6402f0c8d9f16c5d4d68e840c482_amd64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-54153",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "discovery_date": "2025-12-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2425153"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: turn quotas off if mount failed after enabling quotas\n\nYi found during a review of the patch \"ext4: don\u0027t BUG on inconsistent\njournal feature\" that when ext4_mark_recovery_complete() returns an error\nvalue, the error handling path does not turn off the enabled quotas,\nwhich triggers the following kmemleak:\n\n================================================================\nunreferenced object 0xffff8cf68678e7c0 (size 64):\ncomm \"mount\", pid 746, jiffies 4294871231 (age 11.540s)\nhex dump (first 32 bytes):\n00 90 ef 82 f6 8c ff ff 00 00 00 00 41 01 00 00  ............A...\nc7 00 00 00 bd 00 00 00 0a 00 00 00 48 00 00 00  ............H...\nbacktrace:\n[\u003c00000000c561ef24\u003e] __kmem_cache_alloc_node+0x4d4/0x880\n[\u003c00000000d4e621d7\u003e] kmalloc_trace+0x39/0x140\n[\u003c00000000837eee74\u003e] v2_read_file_info+0x18a/0x3a0\n[\u003c0000000088f6c877\u003e] dquot_load_quota_sb+0x2ed/0x770\n[\u003c00000000340a4782\u003e] dquot_load_quota_inode+0xc6/0x1c0\n[\u003c0000000089a18bd5\u003e] ext4_enable_quotas+0x17e/0x3a0 [ext4]\n[\u003c000000003a0268fa\u003e] __ext4_fill_super+0x3448/0x3910 [ext4]\n[\u003c00000000b0f2a8a8\u003e] ext4_fill_super+0x13d/0x340 [ext4]\n[\u003c000000004a9489c4\u003e] get_tree_bdev+0x1dc/0x370\n[\u003c000000006e723bf1\u003e] ext4_get_tree+0x1d/0x30 [ext4]\n[\u003c00000000c7cb663d\u003e] vfs_get_tree+0x31/0x160\n[\u003c00000000320e1bed\u003e] do_new_mount+0x1d5/0x480\n[\u003c00000000c074654c\u003e] path_mount+0x22e/0xbe0\n[\u003c0000000003e97a8e\u003e] do_mount+0x95/0xc0\n[\u003c000000002f3d3736\u003e] __x64_sys_mount+0xc4/0x160\n[\u003c0000000027d2140c\u003e] do_syscall_64+0x3f/0x90\n================================================================\n\nTo solve this problem, we add a \"failed_mount10\" tag, and call\next4_quota_off_umount() in this tag to release the enabled qoutas.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: ext4: turn quotas off if mount failed after enabling quotas",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:rhel9/flatpak-sdk@sha256:9a63aa98a01d682cad15bba49376a3b0c05c6402f0c8d9f16c5d4d68e840c482_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-54153"
        },
        {
          "category": "external",
          "summary": "RHBZ#2425153",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425153"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-54153",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-54153"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-54153",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54153"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025122427-CVE-2023-54153-63a8@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025122427-CVE-2023-54153-63a8@gregkh/T"
        }
      ],
      "release_date": "2025-12-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-07T15:10:30+00:00",
          "details": "The Red Hat Enterprise Linux 9 container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:rhel9/flatpak-sdk@sha256:9a63aa98a01d682cad15bba49376a3b0c05c6402f0c8d9f16c5d4d68e840c482_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2024:9014"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:rhel9/flatpak-sdk@sha256:9a63aa98a01d682cad15bba49376a3b0c05c6402f0c8d9f16c5d4d68e840c482_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: ext4: turn quotas off if mount failed after enabling quotas"
    }
  ]
}

CVE-2023-54153 (GCVE-0-2023-54153)

Vulnerability from cvelistv5 – Published: 2025-12-24 13:07 – Updated: 2026-05-23 15:33

Title

ext4: turn quotas off if mount failed after enabling quotas

Summary

Severity

No CVSS data available.

Assigner

Linux

References

4 references

URL	Tags
https://git.kernel.org/stable/c/c327b83c59ee93879…
https://git.kernel.org/stable/c/deef86fa3005cbb61…
https://git.kernel.org/stable/c/77c3ca1108eb4a26d…
https://git.kernel.org/stable/c/d13f99632748462c3…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 11215630aada28307ba555a43138db6ac54fa825 , < c327b83c59ee938792a0300df646efac39c7d6a7 (git) Affected: 11215630aada28307ba555a43138db6ac54fa825 , < deef86fa3005cbb61ae8aa5729324c09b3f4ba73 (git) Affected: 11215630aada28307ba555a43138db6ac54fa825 , < 77c3ca1108eb4a26db4f256c42b271a430cebc7d (git) Affected: 11215630aada28307ba555a43138db6ac54fa825 , < d13f99632748462c32fc95d729f5e754bab06064 (git) Affected: 60e2824ab30a19c7aaf5a3932bc155d18b2cd816 (git) Affected: a6d49257cbe53c7bca1a0353a6443f53cbed9cc7 (git) Affected: 2e7312ddaf629eecf4702b662da477a3bc39c31a (git) Affected: d558851e5ff443b020245b7a1a455c55accf740b (git) Affected: 4.14.196 , < 4.15 (semver) Affected: 4.19.143 , < 4.20 (semver) Affected: 5.4.62 , < 5.5 (semver) Affected: 5.8.6 , < 5.9 (semver)
Linux	Linux	Affected: 5.9 Unaffected: 0 , < 5.9 (semver) Unaffected: 5.15.121 , ≤ 5.15.* (semver) Unaffected: 6.1.40 , ≤ 6.1.* (semver) Unaffected: 6.4.5 , ≤ 6.4.* (semver) Unaffected: 6.5 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c327b83c59ee938792a0300df646efac39c7d6a7",
              "status": "affected",
              "version": "11215630aada28307ba555a43138db6ac54fa825",
              "versionType": "git"
            },
            {
              "lessThan": "deef86fa3005cbb61ae8aa5729324c09b3f4ba73",
              "status": "affected",
              "version": "11215630aada28307ba555a43138db6ac54fa825",
              "versionType": "git"
            },
            {
              "lessThan": "77c3ca1108eb4a26db4f256c42b271a430cebc7d",
              "status": "affected",
              "version": "11215630aada28307ba555a43138db6ac54fa825",
              "versionType": "git"
            },
            {
              "lessThan": "d13f99632748462c32fc95d729f5e754bab06064",
              "status": "affected",
              "version": "11215630aada28307ba555a43138db6ac54fa825",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "60e2824ab30a19c7aaf5a3932bc155d18b2cd816",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a6d49257cbe53c7bca1a0353a6443f53cbed9cc7",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2e7312ddaf629eecf4702b662da477a3bc39c31a",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d558851e5ff443b020245b7a1a455c55accf740b",
              "versionType": "git"
            },
            {
              "lessThan": "4.15",
              "status": "affected",
              "version": "4.14.196",
              "versionType": "semver"
            },
            {
              "lessThan": "4.20",
              "status": "affected",
              "version": "4.19.143",
              "versionType": "semver"
            },
            {
              "lessThan": "5.5",
              "status": "affected",
              "version": "5.4.62",
              "versionType": "semver"
            },
            {
              "lessThan": "5.9",
              "status": "affected",
              "version": "5.8.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.40",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.121",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.40",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.5",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.196",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.143",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.62",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.8.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: turn quotas off if mount failed after enabling quotas\n\nYi found during a review of the patch \"ext4: don\u0027t BUG on inconsistent\njournal feature\" that when ext4_mark_recovery_complete() returns an error\nvalue, the error handling path does not turn off the enabled quotas,\nwhich triggers the following kmemleak:\n\n================================================================\nunreferenced object 0xffff8cf68678e7c0 (size 64):\ncomm \"mount\", pid 746, jiffies 4294871231 (age 11.540s)\nhex dump (first 32 bytes):\n00 90 ef 82 f6 8c ff ff 00 00 00 00 41 01 00 00  ............A...\nc7 00 00 00 bd 00 00 00 0a 00 00 00 48 00 00 00  ............H...\nbacktrace:\n[\u003c00000000c561ef24\u003e] __kmem_cache_alloc_node+0x4d4/0x880\n[\u003c00000000d4e621d7\u003e] kmalloc_trace+0x39/0x140\n[\u003c00000000837eee74\u003e] v2_read_file_info+0x18a/0x3a0\n[\u003c0000000088f6c877\u003e] dquot_load_quota_sb+0x2ed/0x770\n[\u003c00000000340a4782\u003e] dquot_load_quota_inode+0xc6/0x1c0\n[\u003c0000000089a18bd5\u003e] ext4_enable_quotas+0x17e/0x3a0 [ext4]\n[\u003c000000003a0268fa\u003e] __ext4_fill_super+0x3448/0x3910 [ext4]\n[\u003c00000000b0f2a8a8\u003e] ext4_fill_super+0x13d/0x340 [ext4]\n[\u003c000000004a9489c4\u003e] get_tree_bdev+0x1dc/0x370\n[\u003c000000006e723bf1\u003e] ext4_get_tree+0x1d/0x30 [ext4]\n[\u003c00000000c7cb663d\u003e] vfs_get_tree+0x31/0x160\n[\u003c00000000320e1bed\u003e] do_new_mount+0x1d5/0x480\n[\u003c00000000c074654c\u003e] path_mount+0x22e/0xbe0\n[\u003c0000000003e97a8e\u003e] do_mount+0x95/0xc0\n[\u003c000000002f3d3736\u003e] __x64_sys_mount+0xc4/0x160\n[\u003c0000000027d2140c\u003e] do_syscall_64+0x3f/0x90\n================================================================\n\nTo solve this problem, we add a \"failed_mount10\" tag, and call\next4_quota_off_umount() in this tag to release the enabled qoutas."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:33:34.547Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c327b83c59ee938792a0300df646efac39c7d6a7"
        },
        {
          "url": "https://git.kernel.org/stable/c/deef86fa3005cbb61ae8aa5729324c09b3f4ba73"
        },
        {
          "url": "https://git.kernel.org/stable/c/77c3ca1108eb4a26db4f256c42b271a430cebc7d"
        },
        {
          "url": "https://git.kernel.org/stable/c/d13f99632748462c32fc95d729f5e754bab06064"
        }
      ],
      "title": "ext4: turn quotas off if mount failed after enabling quotas",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54153",
    "datePublished": "2025-12-24T13:07:04.007Z",
    "dateReserved": "2025-12-24T13:02:52.529Z",
    "dateUpdated": "2026-05-23T15:33:34.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHBA-2024:9014

CVE-2023-54153 (GCVE-0-2023-54153)

Tags

Sightings

Nomenclature