| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122427-CVE-2023-54153-63a8@gregkh> Date: Wed, 24 Dec 2025 14:07:50 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54153: ext4: turn quotas off if mount failed after enabling quotas From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ext4: turn quotas off if mount failed after enabling quotas Yi found during a review of the patch "ext4: don't BUG on inconsistent journal feature" that when ext4_mark_recovery_complete() returns an error value, the error handling path does not turn off the enabled quotas, which triggers the following kmemleak: ================================================================ unreferenced object 0xffff8cf68678e7c0 (size 64): comm "mount", pid 746, jiffies 4294871231 (age 11.540s) hex dump (first 32 bytes): 00 90 ef 82 f6 8c ff ff 00 00 00 00 41 01 00 00 ............A... c7 00 00 00 bd 00 00 00 0a 00 00 00 48 00 00 00 ............H... backtrace: [<00000000c561ef24>] __kmem_cache_alloc_node+0x4d4/0x880 [<00000000d4e621d7>] kmalloc_trace+0x39/0x140 [<00000000837eee74>] v2_read_file_info+0x18a/0x3a0 [<0000000088f6c877>] dquot_load_quota_sb+0x2ed/0x770 [<00000000340a4782>] dquot_load_quota_inode+0xc6/0x1c0 [<0000000089a18bd5>] ext4_enable_quotas+0x17e/0x3a0 [ext4] [<000000003a0268fa>] __ext4_fill_super+0x3448/0x3910 [ext4] [<00000000b0f2a8a8>] ext4_fill_super+0x13d/0x340 [ext4] [<000000004a9489c4>] get_tree_bdev+0x1dc/0x370 [<000000006e723bf1>] ext4_get_tree+0x1d/0x30 [ext4] [<00000000c7cb663d>] vfs_get_tree+0x31/0x160 [<00000000320e1bed>] do_new_mount+0x1d5/0x480 [<00000000c074654c>] path_mount+0x22e/0xbe0 [<0000000003e97a8e>] do_mount+0x95/0xc0 [<000000002f3d3736>] __x64_sys_mount+0xc4/0x160 [<0000000027d2140c>] do_syscall_64+0x3f/0x90 ================================================================ To solve this problem, we add a "failed_mount10" tag, and call ext4_quota_off_umount() in this tag to release the enabled qoutas. The Linux kernel CVE team has assigned CVE-2023-54153 to this issue. Affected and fixed versions =========================== Issue introduced in 5.9 with commit 11215630aada28307ba555a43138db6ac54fa825 and fixed in 5.15.121 with commit c327b83c59ee938792a0300df646efac39c7d6a7 Issue introduced in 5.9 with commit 11215630aada28307ba555a43138db6ac54fa825 and fixed in 6.1.40 with commit deef86fa3005cbb61ae8aa5729324c09b3f4ba73 Issue introduced in 5.9 with commit 11215630aada28307ba555a43138db6ac54fa825 and fixed in 6.4.5 with commit 77c3ca1108eb4a26db4f256c42b271a430cebc7d Issue introduced in 5.9 with commit 11215630aada28307ba555a43138db6ac54fa825 and fixed in 6.5 with commit d13f99632748462c32fc95d729f5e754bab06064 Issue introduced in 4.14.196 with commit 60e2824ab30a19c7aaf5a3932bc155d18b2cd816 Issue introduced in 4.19.143 with commit a6d49257cbe53c7bca1a0353a6443f53cbed9cc7 Issue introduced in 5.4.62 with commit 2e7312ddaf629eecf4702b662da477a3bc39c31a Issue introduced in 5.8.6 with commit d558851e5ff443b020245b7a1a455c55accf740b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54153 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/ext4/super.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/c327b83c59ee938792a0300df646efac39c7d6a7 https://git.kernel.org/stable/c/deef86fa3005cbb61ae8aa5729324c09b3f4ba73 https://git.kernel.org/stable/c/77c3ca1108eb4a26db4f256c42b271a430cebc7d https://git.kernel.org/stable/c/d13f99632748462c32fc95d729f5e754bab06064
Powered by blists - more mailing lists