Impact
In the Linux kernel, ext4_read_inline_folio previously triggered a BUG_ON when an inline data block exceeded PAGE_SIZE, causing the kernel to panic and making the system unavailable until rebooted. The patch replaces that unconditional panic with proper error handling: it logs the corruption via ext4_error_inode(), releases the buffer head to avoid a leak, and returns -EFSCORRUPTED so the filesystem can continue to operate while the corruption is reported. The change prevents an immediate system crash while the data-integrity problem is still reported and can be addressed. The vulnerability could have been leveraged to force a denial of service, without achieving code execution. The weakness stems from inadequate validation and error reporting in a critical filesystem routine.
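The error-handling pattern described above, as an added userspace model in C. This is not the kernel patch or any kernel code: model_read_inline, struct model_buf, errors_logged and the 4 KiB page size are hypothetical names and assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096u        /* assumption: 4 KiB pages */
#ifndef EUCLEAN
#define EUCLEAN 117                  /* fallback for non-Linux build hosts */
#endif
#define MODEL_EFSCORRUPTED EUCLEAN   /* the kernel defines EFSCORRUPTED as EUCLEAN */

/* Hypothetical stand-in for a reference-counted buffer head. */
struct model_buf { int refs; unsigned char data[2 * MODEL_PAGE_SIZE]; };

static int errors_logged;            /* stands in for the ext4_error_inode() report */

/* Copy inline data into a one-page destination. inline_len models a length
 * derived from on-disk metadata, so it must be treated as untrusted. */
int model_read_inline(struct model_buf *bh, size_t inline_len, unsigned char *page)
{
    bh->refs++;                              /* take the buffer reference */
    if (inline_len > MODEL_PAGE_SIZE) {
        /* Before the fix this condition was a fatal assertion (BUG_ON).
         * Now: report, drop the reference, return an error to the caller. */
        fprintf(stderr, "model: inline size %zu exceeds page size\n", inline_len);
        errors_logged++;
        bh->refs--;                          /* release before the early return */
        return -MODEL_EFSCORRUPTED;
    }
    memcpy(page, bh->data, inline_len);
    memset(page + inline_len, 0, MODEL_PAGE_SIZE - inline_len); /* zero the tail */
    bh->refs--;
    return 0;
}

int main(void)
{
    static struct model_buf bh;              /* constructed sample input */
    unsigned char page[MODEL_PAGE_SIZE];

    memset(bh.data, 0xAB, sizeof bh.data);
    printf("valid length     -> %d\n", model_read_inline(&bh, 60, page));
    printf("oversized length -> %d\n",
           model_read_inline(&bh, MODEL_PAGE_SIZE + 1, page));
    printf("refs held after both calls: %d, errors logged: %d\n",
           bh.refs, errors_logged);
    return 0;
}
```

The oversized case returns a negative error code with the reference count back at zero, which is the property the buffer-head release in the fix preserves.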
Affected Systems
All Linux kernel builds before the patch are impacted, across all vendors that ship the standard open‑source kernel. The specific version range is not enumerated, so any kernel that has not received the upstream change remains vulnerable. The issue resides in the ext4 filesystem component and therefore affects all systems that mount ext4 filesystems with the standard kernel release.
Risk and Exploitability
Based on the description, it is inferred that the CVSS score of 5.5 and the EPSS score of < 1% indicate medium risk with a low likelihood of exploitation, and the absence from the KEV catalog suggests no known public attacks. The likely attack vector involves causing an inline data block to exceed PAGE_SIZE, which would require writing an excessively large inline file or manipulating filesystem metadata, a scenario that generally needs local privileges or a compromised process. Although exploitation does not provide code execution, it can lead to denial of service and filesystem corruption. The risk profile therefore remains medium to high in environments where inline data can grow unchecked, but practical exploitation remains limited by the need for elevated privileges or manipulation.