CVE-2023-53306

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-53306
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53306.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53306
Downstream
Published
2025-09-16T16:11:45.592Z
Modified
2026-02-20T10:10:36.334962Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
fsdax: force clear dirty mark if CoW
Details

In the Linux kernel, the following vulnerability has been resolved:

fsdax: force clear dirty mark if CoW

XFS allows CoW on non-shared extents to combat fragmentation[1]. The old non-shared extent could be mwrited before, its dax entry is marked dirty.

This results in a WARNing:

[ 28.512349] ------------[ cut here ]------------ [ 28.512622] WARNING: CPU: 2 PID: 5255 at fs/dax.c:390 daxinsertentry+0x342/0x390 [ 28.513050] Modules linked in: rpcsecgsskrb5 authrpcgss nfsv4 nfs lockd grace fscache netfs nftfibinet nftfibipv4 nftfibipv6 nftfib nftrejectinet nfrejectipv4 nfrejectipv6 nftreject nftct nfconntrack nfdefragipv6 nfdefragipv4 ipset nftables [ 28.515462] CPU: 2 PID: 5255 Comm: fsstress Kdump: loaded Not tainted 6.3.0-rc1-00001-g85e1481e19c1-dirty #117 [ 28.515902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Arch Linux 1.16.1-1-1 04/01/2014 [ 28.516307] RIP: 0010:daxinsertentry+0x342/0x390 [ 28.516536] Code: 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 48 8b 45 20 48 83 c0 01 e9 e2 fe ff ff 48 8b 45 20 48 83 c0 01 e9 cd fe ff ff <0f> 0b e9 53 ff ff ff 48 8b 7c 24 08 31 f6 e8 1b 61 a1 00 eb 8c 48 [ 28.517417] RSP: 0000:ffffc9000845fb18 EFLAGS: 00010086 [ 28.517721] RAX: 0000000000000053 RBX: 0000000000000155 RCX: 000000000018824b [ 28.518113] RDX: 0000000000000000 RSI: ffffffff827525a6 RDI: 00000000ffffffff [ 28.518515] RBP: ffffea00062092c0 R08: 0000000000000000 R09: ffffc9000845f9c8 [ 28.518905] R10: 0000000000000003 R11: ffffffff82ddb7e8 R12: 0000000000000155 [ 28.519301] R13: 0000000000000000 R14: 000000000018824b R15: ffff88810cfa76b8 [ 28.519703] FS: 00007f14a0c94740(0000) GS:ffff88817bd00000(0000) knlGS:0000000000000000 [ 28.520148] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.520472] CR2: 00007f14a0c8d000 CR3: 000000010321c004 CR4: 0000000000770ee0 [ 28.520863] PKRU: 55555554 [ 28.521043] Call Trace: [ 28.521219] <TASK> [ 28.521368] daxfaultiter+0x196/0x390 [ 28.521595] daxiomapptefault+0x19b/0x3d0 [ 28.521852] __xfsfilemapfault+0x234/0x2b0 [ 28.522116] __dofault+0x30/0x130 [ 28.522334] dofault+0x193/0x340 [ 28.522586] __handlemmfault+0x2d3/0x690 [ 28.522975] handlemmfault+0xe6/0x2c0 [ 28.523259] douseraddrfault+0x1bc/0x6f0 [ 28.523521] excpagefault+0x60/0x140 [ 28.523763] asmexcpagefault+0x22/0x30 [ 28.524001] RIP: 0033:0x7f14a0b589ca [ 28.524225] Code: c5 fe 7f 07 c5 fe 7f 47 20 c5 fe 7f 47 40 c5 fe 7f 47 60 c5 f8 77 c3 66 0f 1f 84 00 00 00 00 00 40 0f b6 c6 48 89 d1 48 89 fa <f3> aa 48 89 d0 c5 f8 77 c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 28.525198] RSP: 002b:00007fff1dea1c98 EFLAGS: 00010202 [ 28.525505] RAX: 000000000000001e RBX: 000000000014a000 RCX: 0000000000006046 [ 28.525895] RDX: 00007f14a0c82000 RSI: 000000000000001e RDI: 00007f14a0c8d000 [ 28.526290] RBP: 000000000000006f R08: 0000000000000004 R09: 000000000014a000 [ 28.526681] R10: 0000000000000008 R11: 0000000000000246 R12: 028f5c28f5c28f5c [ 28.527067] R13: 8f5c28f5c28f5c29 R14: 0000000000011046 R15: 00007f14a0c946c0 [ 28.527449] </TASK> [ 28.527600] ---[ end trace 0000000000000000 ]---

To be able to delete this entry, clear its dirty mark before invalidateinodepages2_range().

[1] https://lore.kernel.org/linux-xfs/20230321151339.GA11376@frogsfrogsfrogs/

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53306.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f80e1668888f34c0764822e74953c997daf2ccdb
Fixed
fac05f800abb63dc4d7cc48fe7edf16e0520dc1f
Fixed
f76b3a32879de215ced3f8c754c4077b0c2f79e3

Affected versions

v6.*
v6.1
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.2.1
v6.2.10
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6
v6.2.7
v6.2.8
v6.2.9
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4

Database specific

vanir_signatures 
[
    {
        "digest": {
            "line_hashes": [
                "176540074700061860743674638061942633960",
                "110798297610754256765720153429765960989",
                "143122065928957936944861151859826086856",
                "249597284746136664065558905167936763185",
                "306429890562274967453678850529045750081",
                "3421676822174376016989772594801064701",
                "89935328294068764987388179413478959603"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f76b3a32879de215ced3f8c754c4077b0c2f79e3",
        "id": "CVE-2023-53306-6d3bf0d4",
        "target": {
            "file": "fs/dax.c"
        }
    },
    {
        "digest": {
            "function_hash": "6345545063657907560793951382537687230",
            "length": 1941.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f76b3a32879de215ced3f8c754c4077b0c2f79e3",
        "id": "CVE-2023-53306-78b6d92e",
        "target": {
            "function": "dax_iomap_iter",
            "file": "fs/dax.c"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "176540074700061860743674638061942633960",
                "110798297610754256765720153429765960989",
                "143122065928957936944861151859826086856",
                "249597284746136664065558905167936763185",
                "306429890562274967453678850529045750081",
                "3421676822174376016989772594801064701",
                "89935328294068764987388179413478959603"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fac05f800abb63dc4d7cc48fe7edf16e0520dc1f",
        "id": "CVE-2023-53306-8ab07a02",
        "target": {
            "file": "fs/dax.c"
        }
    },
    {
        "digest": {
            "function_hash": "6345545063657907560793951382537687230",
            "length": 1941.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fac05f800abb63dc4d7cc48fe7edf16e0520dc1f",
        "id": "CVE-2023-53306-9dce700b",
        "target": {
            "function": "dax_iomap_iter",
            "file": "fs/dax.c"
        }
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53306.json"

Git / github.com/gregkh/linux

Affected ranges

Type
GIT
Repo
https://github.com/gregkh/linux
Events
Introduced
c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
Fixed
cdc7aff9ed012801e62eedd99e4a5573eccac4db

Affected versions

v6.*
v6.2
v6.2.1
v6.2.10
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6
v6.2.7
v6.2.8
v6.2.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53306.json"