| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123036-CVE-2023-54311-46a2@gregkh>
Date: Tue, 30 Dec 2025 13:24:04 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-54311: ext4: fix deadlock when converting an inline directory in nojournal mode
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix deadlock when converting an inline directory in nojournal mode
In no journal mode, ext4_finish_convert_inline_dir() can self-deadlock
by calling ext4_handle_dirty_dirblock() when it already has taken the
directory lock. There is a similar self-deadlock in
ext4_incvert_inline_data_nolock() for data files which we'll fix at
the same time.
A simple reproducer demonstrating the problem:
mke2fs -Fq -t ext2 -O inline_data -b 4k /dev/vdc 64
mount -t ext4 -o dirsync /dev/vdc /vdc
cd /vdc
mkdir file0
cd file0
touch file0
touch file1
attr -s BurnSpaceInEA -V abcde .
touch supercalifragilisticexpialidocious
The Linux kernel CVE team has assigned CVE-2023-54311 to this issue.
Affected and fixed versions
===========================
Fixed in 5.4.243 with commit b4fa4768c9acff77245d672d855d2c88294850b1
Fixed in 5.10.180 with commit 5f8b55136ad787aed2c184f7cb3e93772ae637a3
Fixed in 5.15.112 with commit 640c8c365999c6f23447ac766437236ad88317c5
Fixed in 6.1.29 with commit 665cc3ba50330049524c1d275bc840a8f28dde73
Fixed in 6.2.16 with commit 0b1c4357bb21d9770451a1bdb8d419ea10bada88
Fixed in 6.3.3 with commit 804de0c72cd473e186ca4e1f6287d45431b14e5a
Fixed in 6.4 with commit f4ce24f54d9cca4f09a395f3eecce20d6bec4663
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-54311
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/ext4/inline.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/b4fa4768c9acff77245d672d855d2c88294850b1
https://git.kernel.org/stable/c/5f8b55136ad787aed2c184f7cb3e93772ae637a3
https://git.kernel.org/stable/c/640c8c365999c6f23447ac766437236ad88317c5
https://git.kernel.org/stable/c/665cc3ba50330049524c1d275bc840a8f28dde73
https://git.kernel.org/stable/c/0b1c4357bb21d9770451a1bdb8d419ea10bada88
https://git.kernel.org/stable/c/804de0c72cd473e186ca4e1f6287d45431b14e5a
https://git.kernel.org/stable/c/f4ce24f54d9cca4f09a395f3eecce20d6bec4663
Powered by blists - more mailing lists