| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091718-CVE-2023-53337-ac33@gregkh> Date: Wed, 17 Sep 2025 16:56:36 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53337: nilfs2: do not write dirty data after degenerating to read-only From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not write dirty data after degenerating to read-only According to syzbot's report, mark_buffer_dirty() called from nilfs_segctor_do_construct() outputs a warning with some patterns after nilfs2 detects metadata corruption and degrades to read-only mode. After such read-only degeneration, page cache data may be cleared through nilfs_clear_dirty_page() which may also clear the uptodate flag for their buffer heads. However, even after the degeneration, log writes are still performed by unmount processing etc., which causes mark_buffer_dirty() to be called for buffer heads without the "uptodate" flag and causes the warning. Since any writes should not be done to a read-only file system in the first place, this fixes the warning in mark_buffer_dirty() by letting nilfs_segctor_do_construct() abort early if in read-only mode. This also changes the retry check of nilfs_segctor_write_out() to avoid unnecessary log write retries if it detects -EROFS that nilfs_segctor_do_construct() returned. The Linux kernel CVE team has assigned CVE-2023-53337 to this issue. Affected and fixed versions =========================== Fixed in 4.14.315 with commit bd89073fc7a5d03b1d06b372addbe405e5a925f4 Fixed in 4.19.283 with commit e9c5412c5972124776c1b873533eb39e287a4dfa Fixed in 5.4.243 with commit 4569a292a84e340e97d178898ad1cfe1a3080a61 Fixed in 5.10.180 with commit 7c3e662048053802f6b0db3a78e97f4e1f7edc4f Fixed in 5.15.111 with commit 13f73ef77baa4764dc1ca4fcbae9cade05b83866 Fixed in 6.1.28 with commit a73201c607d8e506358d60aafddda4246bdd9350 Fixed in 6.2.15 with commit 4005cec6847c06ee191583270b7cdd7e696543cc Fixed in 6.3.2 with commit 55f7810632f993cff622a0ddbc7c865892294b61 Fixed in 6.4 with commit 28a65b49eb53e172d23567005465019658bfdb4d Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53337 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/nilfs2/segment.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/bd89073fc7a5d03b1d06b372addbe405e5a925f4 https://git.kernel.org/stable/c/e9c5412c5972124776c1b873533eb39e287a4dfa https://git.kernel.org/stable/c/4569a292a84e340e97d178898ad1cfe1a3080a61 https://git.kernel.org/stable/c/7c3e662048053802f6b0db3a78e97f4e1f7edc4f https://git.kernel.org/stable/c/13f73ef77baa4764dc1ca4fcbae9cade05b83866 https://git.kernel.org/stable/c/a73201c607d8e506358d60aafddda4246bdd9350 https://git.kernel.org/stable/c/4005cec6847c06ee191583270b7cdd7e696543cc https://git.kernel.org/stable/c/55f7810632f993cff622a0ddbc7c865892294b61 https://git.kernel.org/stable/c/28a65b49eb53e172d23567005465019658bfdb4d
Powered by blists - more mailing lists