DEBIAN-CVE-2023-53511
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-53511
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53511.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53511
- Upstream
- Published
- 2025-10-01T12:15:55.030Z
- Modified
- 2025-11-14T03:05:48.826197Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: iouring: fix fget leak when fs don't support nowait buffered read Heming reported a BUG when using iouring doing link-cp on ocfs2. [1] Do the following steps can reproduce this BUG: mount -t ocfs2 /dev/vdc /mnt/ocfs2 cp testfile /mnt/ocfs2/ ./link-cp /mnt/ocfs2/testfile /mnt/ocfs2/testfile.1 umount /mnt/ocfs2 Then umount will fail, and it outputs: umount: /mnt/ocfs2: target is busy. While tracing umount, it blames mntgetcount() not return as expected. Do a deep investigation for fget()/fput() on related code flow, I've finally found that fget() leaks since ocfs2 doesn't support nowait buffered read. ioissuesqe |-ioassignfile // do fget() first |-ioread |-ioiterdoread |-ocfs2filereaditer // return -EOPNOTSUPP |-kiocbdone |-iorwdone |-_iocompleterwcommon // set REQFREISSUE |-ioresubmitprep |-ioreqprep_async // override req->file, leak happens This was introduced by commit a196c78b5443 in v5.18. Fix it by don't re-assign req->file if it has already been assigned. [1] https://lore.kernel.org/ocfs2-devel/ab580a75-91c8-d68a-3455-40361be1bfa8@linux.alibaba.com/T/#t
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source