| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120955-CVE-2023-53835-0142@gregkh>
Date: Tue, 9 Dec 2025 10:31:19 +0900
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53835: ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled
When a file system currently mounted read/only is remounted
read/write, if we clear the SB_RDONLY flag too early, before the quota
is initialized, and there is another process/thread constantly
attempting to create a directory, it's possible to trigger the
WARN_ON_ONCE(dquot_initialize_needed(inode));
in ext4_xattr_block_set(), with the following stack trace:
WARNING: CPU: 0 PID: 5338 at fs/ext4/xattr.c:2141 ext4_xattr_block_set+0x2ef2/0x3680
RIP: 0010:ext4_xattr_block_set+0x2ef2/0x3680 fs/ext4/xattr.c:2141
Call Trace:
ext4_xattr_set_handle+0xcd4/0x15c0 fs/ext4/xattr.c:2458
ext4_initxattrs+0xa3/0x110 fs/ext4/xattr_security.c:44
security_inode_init_security+0x2df/0x3f0 security/security.c:1147
__ext4_new_inode+0x347e/0x43d0 fs/ext4/ialloc.c:1324
ext4_mkdir+0x425/0xce0 fs/ext4/namei.c:2992
vfs_mkdir+0x29d/0x450 fs/namei.c:4038
do_mkdirat+0x264/0x520 fs/namei.c:4061
__do_sys_mkdirat fs/namei.c:4076 [inline]
__se_sys_mkdirat fs/namei.c:4074 [inline]
__x64_sys_mkdirat+0x89/0xa0 fs/namei.c:4074
The Linux kernel CVE team has assigned CVE-2023-53835 to this issue.
Affected and fixed versions
===========================
Fixed in 5.10.181 with commit 5c87115520d2451f5689be7d9a463450d5b1bd96
Fixed in 5.15.113 with commit c53936d9fb35287ed81ec412a5b494729268a64d
Fixed in 6.1.30 with commit cd2341c26fb6cf45445de70cfd01022cb634746b
Fixed in 6.3.4 with commit 5570ac70264021c3a9b0c55e0e6d7a90f25cebbc
Fixed in 6.4 with commit a44be64bbecb15a452496f60db6eacfee2b59c79
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-53835
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/ext4/super.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/5c87115520d2451f5689be7d9a463450d5b1bd96
https://git.kernel.org/stable/c/c53936d9fb35287ed81ec412a5b494729268a64d
https://git.kernel.org/stable/c/cd2341c26fb6cf45445de70cfd01022cb634746b
https://git.kernel.org/stable/c/5570ac70264021c3a9b0c55e0e6d7a90f25cebbc
https://git.kernel.org/stable/c/a44be64bbecb15a452496f60db6eacfee2b59c79
Powered by blists - more mailing lists