CVE-2023-53564

Source
https://cve.org/CVERecord?id=CVE-2023-53564
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53564.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53564
Downstream
Related
Published
2025-10-04T15:17:07.114Z
Modified
2026-03-11T07:52:10.343950575Z
Summary
ocfs2: fix defrag path triggering jbd2 ASSERT
Details

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix defrag path triggering jbd2 ASSERT

code path:

ocfs2_ioctl_move_extents
 ocfs2_move_extents
  ocfs2_defrag_extent
   __ocfs2_move_extent
    + ocfs2_journal_access_di
    + ocfs2_split_extent   //sub-paths call jbd2_journal_restart
    + ocfs2_journal_dirty  //crash by jbd2 ASSERT

crash stacks:

PID: 11297  TASK: ffff974a676dcd00  CPU: 67  COMMAND: "defragfs.ocfs2"
 #0 [ffffb25d8dad3900] machine_kexec at ffffffff8386fe01
 #1 [ffffb25d8dad3958] __crash_kexec at ffffffff8395959d
 #2 [ffffb25d8dad3a20] crash_kexec at ffffffff8395a45d
 #3 [ffffb25d8dad3a38] oops_end at ffffffff83836d3f
 #4 [ffffb25d8dad3a58] do_trap at ffffffff83833205
 #5 [ffffb25d8dad3aa0] do_invalid_op at ffffffff83833aa6
 #6 [ffffb25d8dad3ac0] invalid_op at ffffffff84200d18
    [exception RIP: jbd2_journal_dirty_metadata+0x2ba]
    RIP: ffffffffc09ca54a  RSP: ffffb25d8dad3b70  RFLAGS: 00010207
    RAX: 0000000000000000  RBX: ffff9706eedc5248  RCX: 0000000000000000
    RDX: 0000000000000001  RSI: ffff97337029ea28  RDI: ffff9706eedc5250
    RBP: ffff9703c3520200   R8: 000000000f46b0b2   R9: 0000000000000000
    R10: 0000000000000001  R11: 00000001000000fe  R12: ffff97337029ea28
    R13: 0000000000000000  R14: ffff9703de59bf60  R15: ffff9706eedc5250
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #7 [ffffb25d8dad3ba8] ocfs2_journal_dirty at ffffffffc137fb95 [ocfs2]
 #8 [ffffb25d8dad3be8] __ocfs2_move_extent at ffffffffc139a950 [ocfs2]
 #9 [ffffb25d8dad3c80] ocfs2_defrag_extent at ffffffffc139b2d2 [ocfs2]

Analysis

This bug has the same root cause as commit 7f27ec978b0e ("ocfs2: call ocfs2_journal_access_di() before ocfs2_journal_dirty() in ocfs2_write_end_nolock()"). In this case, jbd2_journal_restart() is called by ocfs2_split_extent() during defragmentation, after __ocfs2_move_extent() has already called ocfs2_journal_access_di(), so the buffer is no longer part of the running transaction when ocfs2_journal_dirty() is reached.

How to fix

Since ocfs2_split_extent() handles the journal operations entirely by itself, the caller does not need to call the journal access/dirty pair; it only needs to call the journal start/stop pair. The fix is to remove the journal access/dirty calls from __ocfs2_move_extent().

The discussion for this patch: https://oss.oracle.com/pipermail/ocfs2-devel/2023-February/000647.html

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53564.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8f603e567aa7a243e68ca48b4f105b990851360f
Fixed
5f43d34a51ed30e6a60f7e59d224a63014fe2cd5
Fixed
7f3b1c28e2908755fb248d3ee8ff56826f2387db
Fixed
669134a66d37258e1c4a5cfbd5b82f547ae30fca
Fixed
2c559b3ba8e0b9e3c4bb08159a28ccadc698410f
Fixed
33665d1042666f2e5c736a3df1f453e31f030663
Fixed
8163ea90d89b7012dd1fa4b28edf5db0c641eca7
Fixed
590507ebabd33cd93324c04f9a5538309a5ba934
Fixed
60eed1e3d45045623e46944ebc7c42c30a4350f0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53564.json"