CVE-2023-53270
- Source
- https://cve.org/CVERecord?id=CVE-2023-53270
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53270.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53270
- Downstream
- Related
- Published
- 2025-09-16T08:06:59.730Z
- Modified
- 2026-04-11T12:46:43.961290Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- ext4: fix i_disksize exceeding i_size problem in paritally written case
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix idisksize exceeding isize problem in paritally written case
It is possible for idisksize can exceed isize, triggering a warning.
genericperformwrite copied = iovitercopyfromuseratomic(len) // copied < len ext4dawriteend | ext4updateidisksize | newisize = pos + copied; | WRITEONCE(EXT4I(inode)->idisksize, newsize) // update idisksize | genericwriteend | copied = blockwriteend(copied, len) // copied = 0 | if (unlikely(copied < len)) | if (!PageUptodate(page)) | copied = 0; | if (pos + copied > inode->isize) // return false if (unlikely(copied == 0)) goto again; if (unlikely(ioviterfaultinreadable(i, bytes))) { status = -EFAULT; break; }
We get idisksize greater than isize here, which could trigger WARNING check 'isizeread(inode) < EXT4I(inode)->idisksize' while doing dio:
ext4diowriteiter iomapdio_rw _iomapdiorw // return err, length is not aligned to 512 ext4handleinodeextension WARNONONCE(isizeread(inode) < EXT4I(inode)->idisksize) // Oops
WARNING: CPU: 2 PID: 2609 at fs/ext4/file.c:319 CPU: 2 PID: 2609 Comm: aa Not tainted 6.3.0-rc2 RIP: 0010:ext4filewriteiter+0xbc7 Call Trace: vfswrite+0x3b1 ksyswrite+0x77 dosyscall_64+0x39
Fix it by updating 'copied' value before updating idisksize just like ext4writeinlinedata_end() does.
A reproducer can be found in the buganizer link below.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53270.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/18eb23891aeae3229baf8c7c23b76be3364e1967
- https://git.kernel.org/stable/c/1dedde690303c05ef732b7c5c8356fdf60a4ade3
- https://git.kernel.org/stable/c/3ecea2fee14227712694c8b54ad99d471e61de92
- https://git.kernel.org/stable/c/53877ed201baa6b58f7ce9df92664a839113c30e
- https://git.kernel.org/stable/c/d30090eb546d993ea3f3023452540c476ea614a5
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53270.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53270
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced64769240bd07f446f83660bb143bb609d8ab4910Fixed18eb23891aeae3229baf8c7c23b76be3364e1967Fixedd30090eb546d993ea3f3023452540c476ea614a5Fixed3ecea2fee14227712694c8b54ad99d471e61de92Fixed53877ed201baa6b58f7ce9df92664a839113c30eFixed1dedde690303c05ef732b7c5c8356fdf60a4ade3