CVE-2023-53163
MEDIUM EPSS 4.1%
Published Sep 15, 20259mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Published Sep 15, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: don't hold ni_lock when calling truncate_setsize() syzbot is reporting hung task at do_user_addr_fault() [1], for there is a silent deadlock between PG_locked bit and ni_lock lock. Since filemap_update_page() calls filemap_read_folio() after calling folio_trylock() which will set PG_locked bit, ntfs_truncate() must not call truncate_setsize() which will wait for PG_locked bit to be cleared when holding ni_lock lock.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
4.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 5
References 4
- git.kernel.org https://git.kernel.org/stable/c/0226635c304cfd5c9db9b78c259cb713819b057e
- git.kernel.org https://git.kernel.org/stable/c/6bb6b1c6b0c31e36736b87a39dd1cbbd9d5ec22f
- git.kernel.org https://git.kernel.org/stable/c/73fee7e1e5ea11b51c51c46e0577a197ca3602cf
- git.kernel.org https://git.kernel.org/stable/c/8414983c2e649364d8af29080a0869266b31abb6
Remediation
- git.kernel.org https://git.kernel.org/stable/c/0226635c304cfd5c9db9b78c259cb713819b057e
- git.kernel.org https://git.kernel.org/stable/c/6bb6b1c6b0c31e36736b87a39dd1cbbd9d5ec22f
- git.kernel.org https://git.kernel.org/stable/c/73fee7e1e5ea11b51c51c46e0577a197ca3602cf
- git.kernel.org https://git.kernel.org/stable/c/8414983c2e649364d8af29080a0869266b31abb6