| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120959-CVE-2023-53845-b919@gregkh> Date: Tue, 9 Dec 2025 10:31:29 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53845: nilfs2: fix infinite loop in nilfs_mdt_get_block() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfs_mdt_get_block() If the disk image that nilfs2 mounts is corrupted and a virtual block address obtained by block lookup for a metadata file is invalid, nilfs_bmap_lookup_at_level() may return the same internal return code as -ENOENT, meaning the block does not exist in the metadata file. This duplication of return codes confuses nilfs_mdt_get_block(), causing it to read and create a metadata block indefinitely. In particular, if this happens to the inode metadata file, ifile, semaphore i_rwsem can be left held, causing task hangs in lock_mount. Fix this issue by making nilfs_bmap_lookup_at_level() treat virtual block address translation failures with -ENOENT as metadata corruption instead of returning the error code. The Linux kernel CVE team has assigned CVE-2023-53845 to this issue. Affected and fixed versions =========================== Fixed in 4.14.315 with commit cfb0bb4fbd40c1f06da7e9f88c0a2d46155b90c2 Fixed in 4.19.283 with commit d536f9976bb04e9c84cf80045a9355975e418f41 Fixed in 5.4.243 with commit fe1cbbcb1a2532ee1654e1ff121be8906d83c6f0 Fixed in 5.10.180 with commit 8a89d36a07afe1ed4564df51fefa2bb556c85412 Fixed in 5.15.111 with commit 8d07d9119642ba43d21f8ba64d51d01931096b20 Fixed in 6.1.28 with commit 25457d07c8146e57d28906c663def033dc425af6 Fixed in 6.2.15 with commit 34c5f17222b50c79848bb03ec8811648813e6a45 Fixed in 6.3.2 with commit 5b29661669cb65b9750a3cf70ed3eaf947b92167 Fixed in 6.4 with commit a6a491c048882e7e424d407d32cba0b52d9ef2bf Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53845 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/nilfs2/bmap.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/cfb0bb4fbd40c1f06da7e9f88c0a2d46155b90c2 https://git.kernel.org/stable/c/d536f9976bb04e9c84cf80045a9355975e418f41 https://git.kernel.org/stable/c/fe1cbbcb1a2532ee1654e1ff121be8906d83c6f0 https://git.kernel.org/stable/c/8a89d36a07afe1ed4564df51fefa2bb556c85412 https://git.kernel.org/stable/c/8d07d9119642ba43d21f8ba64d51d01931096b20 https://git.kernel.org/stable/c/25457d07c8146e57d28906c663def033dc425af6 https://git.kernel.org/stable/c/34c5f17222b50c79848bb03ec8811648813e6a45 https://git.kernel.org/stable/c/5b29661669cb65b9750a3cf70ed3eaf947b92167 https://git.kernel.org/stable/c/a6a491c048882e7e424d407d32cba0b52d9ef2bf
Powered by blists - more mailing lists