Impact
The flaw is in ext4's extent index correction routine, ext4_ext_correct_indexes(). As it walks the extent tree path, it dereferences path[k].p_idx->ei_block without first checking that p_idx lies within the eh_entries index records of that level's header. Because eh_entries is read from the on-disk extent header, a corrupted or deliberately crafted value can leave p_idx pointing past the allocated buffer, and the dereference becomes an out-of-bounds kernel memory read, classified as CWE-125. What leaks is kernel memory contents. The attack vector is local: an attacker who can get malformed ext4 metadata in front of the kernel, for example by mounting a crafted filesystem image or by corrupting an existing filesystem, can trigger the read.
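As an added illustration (not kernel code and not the fix commit), the following standalone C program models an ext4 index block and the bounds checks a caller of ext4_ext_correct_indexes()-style code needs before dereferencing an index slot. The struct layouts and the EXT_FIRST_INDEX()/EXT_LAST_INDEX() arithmetic follow the ext4 on-disk format; the 4 KiB block size, the return codes, and the checked_ei_block()/demo_*() helpers are assumptions made for this example. It shows a well-formed block, a slot that sits inside eh_max but beyond eh_entries (the unchecked-p_idx condition described above), and a header with a crafted eh_entries that would place the "last" index hundreds of kilobytes past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT4_EXT_MAGIC 0xf30a   /* on-disk extent header magic */
#define BLOCK_SIZE     4096     /* assumed filesystem block size */

/* On-disk layouts as in fs/ext4/ext4_extents.h (little-endian on disk;
 * host byte order is used here for brevity). */
struct ext4_extent_header { uint16_t eh_magic, eh_entries, eh_max, eh_depth; uint32_t eh_generation; };
struct ext4_extent_idx    { uint32_t ei_block, ei_leaf_lo; uint16_t ei_leaf_hi, ei_unused; };

/* Same arithmetic as the kernel's EXT_FIRST_INDEX()/EXT_LAST_INDEX(): the last
 * slot is derived purely from eh_entries, so a crafted count moves it past the buffer. */
#define EXT_FIRST_INDEX(eh) ((struct ext4_extent_idx *)((char *)(eh) + sizeof(struct ext4_extent_header)))
#define EXT_LAST_INDEX(eh)  (EXT_FIRST_INDEX(eh) + (eh)->eh_entries - 1)

enum { IDX_OK = 0, IDX_BAD_HDR = -1, IDX_BAD_MAX = -2, IDX_BAD_ENTRIES = -3, IDX_OOB = -4 }; /* assumed codes */

/* One 8-byte-aligned scratch block shared by the demos; each demo rebuilds it first. */
static uint8_t *scratch_block(void) { static uint64_t raw[BLOCK_SIZE / 8]; return (uint8_t *)raw; }

/* Build a block with a header and ascending index records. `entries` is stored
 * unchecked so a caller can craft it; only records that physically fit are written. */
static void build_index_block(uint8_t *blk, uint16_t entries, uint16_t max)
{
    struct ext4_extent_header *eh = (struct ext4_extent_header *)blk;
    size_t fit = (BLOCK_SIZE - sizeof(*eh)) / sizeof(struct ext4_extent_idx);
    memset(blk, 0, BLOCK_SIZE);
    eh->eh_magic = EXT4_EXT_MAGIC; eh->eh_entries = entries; eh->eh_max = max; eh->eh_depth = 1;
    for (size_t i = 0; i < entries && i < fit; i++)
        EXT_FIRST_INDEX(eh)[i].ei_block = (uint32_t)(i * 100);
}

/* Byte offset of EXT_LAST_INDEX() as the unchecked code would compute it, done with
 * integer arithmetic so a bogus count yields a number rather than a bogus pointer.
 * Anything >= BLOCK_SIZE is a read outside the buffer. */
static size_t unchecked_last_idx_offset(const uint8_t *blk)
{
    const struct ext4_extent_header *eh = (const struct ext4_extent_header *)blk;
    return sizeof(*eh) + ((size_t)eh->eh_entries - 1) * sizeof(struct ext4_extent_idx);
}

/* Hardened read: validate the header against the block that holds it, then validate
 * the slot (the analogue of path[k].p_idx) before dereferencing it. */
static int checked_ei_block(uint8_t *blk, size_t len, const struct ext4_extent_idx *p_idx, uint32_t *out)
{
    struct ext4_extent_header *eh = (struct ext4_extent_header *)blk;
    if (len < sizeof(*eh) || eh->eh_magic != EXT4_EXT_MAGIC)
        return IDX_BAD_HDR;
    if (eh->eh_max == 0 || eh->eh_max > (len - sizeof(*eh)) / sizeof(struct ext4_extent_idx))
        return IDX_BAD_MAX;       /* header claims more room than the block has */
    if (eh->eh_entries == 0 || eh->eh_entries > eh->eh_max)
        return IDX_BAD_ENTRIES;   /* the crafted-count case */
    if (p_idx < EXT_FIRST_INDEX(eh) || p_idx > EXT_LAST_INDEX(eh))
        return IDX_OOB;           /* slot outside the populated records */
    *out = p_idx->ei_block;
    return IDX_OK;
}

/* Well-formed block, 4 of 340 slots used: the last slot reads back ei_block 300. */
int demo_valid(void)
{
    uint8_t *blk = scratch_block();
    struct ext4_extent_header *eh = (struct ext4_extent_header *)blk;
    uint32_t v = 0;
    build_index_block(blk, 4, 340);
    int rc = checked_ei_block(blk, BLOCK_SIZE, EXT_LAST_INDEX(eh), &v);
    return rc == IDX_OK ? (int)v : rc;
}

/* Slot 4 of a 4-entry block: inside eh_max but past eh_entries, which is exactly the
 * "p_idx not within the number of entries" condition. */
int demo_stale_slot(void)
{
    uint8_t *blk = scratch_block();
    uint32_t v = 0;
    build_index_block(blk, 4, 340);
    return checked_ei_block(blk, BLOCK_SIZE, EXT_FIRST_INDEX(blk) + 4, &v);
}

/* Crafted eh_entries = 0xffff: the unchecked offset lands far beyond the 4 KiB block,
 * while the checked path rejects the header before any slot is touched. */
size_t demo_crafted_offset(void)
{
    uint8_t *blk = scratch_block();
    build_index_block(blk, 0xffff, 340);
    return unchecked_last_idx_offset(blk);
}
int demo_crafted_rc(void)
{
    uint8_t *blk = scratch_block();
    uint32_t v = 0;
    build_index_block(blk, 0xffff, 340);
    return checked_ei_block(blk, BLOCK_SIZE, EXT_FIRST_INDEX(blk), &v);
}

int main(void)
{
    printf("valid: %d  stale slot: %d  crafted: offset %zu of %d bytes, rc %d\n",
           demo_valid(), demo_stale_slot(), demo_crafted_offset(), BLOCK_SIZE, demo_crafted_rc());
    return 0;
}
```

The ordering of the checks is the point: eh_entries is validated against eh_max, and eh_max against the buffer that actually holds the block, before any pointer derived from those fields is compared or dereferenced. The kernel's own header validation (ext4_ext_check()) is not reproduced here; the slot-range comparison is the check the advisory says the vulnerable path lacked.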
Affected Systems
All Linux kernel releases that ship ext4 and do not carry the commit adding bounds checking to ext4_ext_correct_indexes() are affected. The affected range runs from the 2.6.19 series through the current 7.0 series, so any distribution or custom kernel built with ext4 support and without the fix backported should be treated as vulnerable.
Risk and Exploitability
The CVSS score of 7.8 rates the flaw high severity, but the EPSS score is below 1% and the CVE is not in the CISA KEV catalog, so the publicly measured exploitation risk is low. Exploitation requires getting corrupted ext4 metadata into the kernel, which generally means local access or the ability to mount an attacker-controlled filesystem image (removable media and automounting are the usual ways an unprivileged user reaches that point). Under those conditions the flaw can disclose kernel memory or destabilize the system; remote exploitation without such access is unlikely.
OpenCVE Enrichment