Preface: The vulnerability was fixed in Aug 2022. This is not a zero-day, and it was therefore published this month.
Background: ext4 is the default file system for many Linux distributions, including Debian and Ubuntu. It is also the default file system for DigitalOcean Volumes Block Storage, and Google has used ext4 on Android since Android 2.3.
To create files on ext4, you first need to format the partition with the ext4 file system using the mkfs.ext4 command:
mkfs.ext4 blockdevice
Vulnerability details: A use-after-free vulnerability was found in the Linux kernel’s ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behavior.
Official announcement: For details, please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2023-2513