CVE-2023-53317

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-53317
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53317.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53317
Published
2025-09-16T16:11:53.877Z
Modified
2025-11-28T02:34:06.068614Z
Summary
ext4: fix WARNING in mb_find_extent
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix WARNING in mb_find_extent

Syzbot found the following issue:

EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
EXT4-fs (loop0): orphan cleanup on readonly fs
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5067 at fs/ext4/mballoc.c:1869 mb_find_extent+0x8a1/0xe30
Modules linked in:
CPU: 1 PID: 5067 Comm: syz-executor307 Not tainted 6.2.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:mb_find_extent+0x8a1/0xe30 fs/ext4/mballoc.c:1869
RSP: 0018:ffffc90003c9e098 EFLAGS: 00010293
RAX: ffffffff82405731 RBX: 0000000000000041 RCX: ffff8880783457c0
RDX: 0000000000000000 RSI: 0000000000000041 RDI: 0000000000000040
RBP: 0000000000000040 R08: ffffffff82405723 R09: ffffed10053c9402
R10: ffffed10053c9402 R11: 1ffff110053c9401 R12: 0000000000000000
R13: ffffc90003c9e538 R14: dffffc0000000000 R15: ffffc90003c9e2cc
FS: 0000555556665300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056312f6796f8 CR3: 0000000022437000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ext4_mb_complex_scan_group+0x353/0x1100 fs/ext4/mballoc.c:2307
 ext4_mb_regular_allocator+0x1533/0x3860 fs/ext4/mballoc.c:2735
 ext4_mb_new_blocks+0xddf/0x3db0 fs/ext4/mballoc.c:5605
 ext4_ext_map_blocks+0x1868/0x6880 fs/ext4/extents.c:4286
 ext4_map_blocks+0xa49/0x1cc0 fs/ext4/inode.c:651
 ext4_getblk+0x1b9/0x770 fs/ext4/inode.c:864
 ext4_bread+0x2a/0x170 fs/ext4/inode.c:920
 ext4_quota_write+0x225/0x570 fs/ext4/super.c:7105
 write_blk fs/quota/quota_tree.c:64 [inline]
 get_free_dqblk+0x34a/0x6d0 fs/quota/quota_tree.c:130
 do_insert_tree+0x26b/0x1aa0 fs/quota/quota_tree.c:340
 do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375
 do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375
 do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375
 dq_insert_tree fs/quota/quota_tree.c:401 [inline]
 qtree_write_dquot+0x3b6/0x530 fs/quota/quota_tree.c:420
 v2_write_dquot+0x11b/0x190 fs/quota/quota_v2.c:358
 dquot_acquire+0x348/0x670 fs/quota/dquot.c:444
 ext4_acquire_dquot+0x2dc/0x400 fs/ext4/super.c:6740
 dqget+0x999/0xdc0 fs/quota/dquot.c:914
 __dquot_initialize+0x3d0/0xcf0 fs/quota/dquot.c:1492
 ext4_process_orphan+0x57/0x2d0 fs/ext4/orphan.c:329
 ext4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474
 __ext4_fill_super fs/ext4/super.c:5516 [inline]
 ext4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644
 get_tree_bdev+0x400/0x620 fs/super.c:1282
 vfs_get_tree+0x88/0x270 fs/super.c:1489
 do_new_mount+0x289/0xad0 fs/namespace.c:3145
 do_mount fs/namespace.c:3488 [inline]
 __do_sys_mount fs/namespace.c:3697 [inline]
 __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Add some debug information:
mb_find_extent: mb_find_extent block=41, order=0 needed=64 next=0 ex=0/41/1@3735929054 64 64 7
block_bitmap: ff 3f 0c 00 fc 01 00 00 d2 3d 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Actually, blocks per group is 64, but the block bitmap indicates at least 128 blocks. Now, ext4_validate_block_bitmap() didn't check whether an invalid block's bitmap is set. To resolve the above issue, add a check like fsck's "Padding at end of block bitmap is not set".
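
The padding check described above, as an added userspace illustration (not the kernel patch and not code from this record): it scans the bits past the group's last block and reports the first one that is clear. The function and array names are hypothetical, and the scan assumes only the 32 bytes printed in the debug output rather than a full block-sized bitmap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ext4 bitmaps are little-endian bit arrays: bit n is bit (n % 8) of byte n / 8. */
static int test_bit_le(const uint8_t *map, size_t n)
{
    return (map[n / 8] >> (n % 8)) & 1;
}

/*
 * Return the index of the first clear bit in the padding area
 * [clusters_in_group, bitmap_bits), or -1 when the padding is fully set
 * or the group fills the whole bitmap (no padding to check).
 */
long first_clear_padding_bit(const uint8_t *map, size_t bitmap_bits,
                             size_t clusters_in_group)
{
    for (size_t bit = clusters_in_group; bit < bitmap_bits; bit++)
        if (!test_bit_le(map, bit))
            return (long)bit;
    return -1;
}

/* The 32 bytes from the debug output above; the group has 64 blocks. */
static const uint8_t syzbot_bitmap[32] = {
    0xff, 0x3f, 0x0c, 0x00, 0xfc, 0x01, 0x00, 0x00,
    0xd2, 0x3d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
};

/* Constructed sample: same in-group bits, padding correctly set to 1. */
static const uint8_t clean_bitmap[32] = {
    0xff, 0x3f, 0x0c, 0x00, 0xfc, 0x01, 0x00, 0x00,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
};

int main(void)
{
    long bad = first_clear_padding_bit(syzbot_bitmap, 256, 64);
    long ok = first_clear_padding_bit(clean_bitmap, 256, 64);

    printf("syzbot bitmap: first clear padding bit = %ld\n", bad);
    printf("clean bitmap:  first clear padding bit = %ld\n", ok);
    return (bad == 64 && ok == -1) ? 0 : 1;
}
```

A bitmap that fails this check advertises free space beyond the group boundary, so a validator should reject it when the bitmap is loaded, before the allocator consumes it.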

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53317.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
775b00ba23f6f916fe2ac60c5ff7fd0fe4f28d0d
Fixed
1b90fbc7590124c57a2e590de7fd07eba26606f1
Fixed
5d356d902e9d5b1aaaaf2326d365340fa8a90c1b
Fixed
d55e76e11592a1d18a179c7fd34ca1b52632beb3
Fixed
dba62fa84a8eac44a53a2862de8a40e5bdfa0ae3
Fixed
e4d503c956a744cb59e509ca5f134cfad423c7a3
Fixed
dd45e536f47a82e0a405f9a4b6c7ceb367171ee9
Fixed
fa08a7b61dff8a4df11ff1e84abfc214b487caf7

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.19.283
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.243
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.180
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.112
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.29
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.2.16
Type
ECOSYSTEM
Events
Introduced
6.3.0
Fixed
6.3.3