CVE-2023-53564

Severity: MEDIUM (CVSS 3.1 base score 5.5) · EPSS 3.2%
Published Oct 4, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix defrag path triggering jbd2 ASSERT

code path:

    ocfs2_ioctl_move_extents
     ocfs2_move_extents
      ocfs2_defrag_extent
       __ocfs2_move_extent
        + ocfs2_journal_access_di
        + ocfs2_split_extent  //sub-paths call jbd2_journal_restart
        + ocfs2_journal_dirty //crash by jbd2 ASSERT

crash stacks:

    PID: 11297 TASK: ffff974a676dcd00 CPU: 67 COMMAND: "defragfs.ocfs2"
     #0 [ffffb25d8dad3900] machine_kexec at ffffffff8386fe01
     #1 [ffffb25d8dad3958] __crash_kexec at ffffffff8395959d
     #2 [ffffb25d8dad3a20] crash_kexec at ffffffff8395a45d
     #3 [ffffb25d8dad3a38] oops_end at ffffffff83836d3f
     #4 [ffffb25d8dad3a58] do_trap at ffffffff83833205
     #5 [ffffb25d8dad3aa0] do_invalid_op at ffffffff83833aa6
     #6 [ffffb25d8dad3ac0] invalid_op at ffffffff84200d18
        [exception RIP: jbd2_journal_dirty_metadata+0x2ba]
        RIP: ffffffffc09ca54a RSP: ffffb25d8dad3b70 RFLAGS: 00010207
        RAX: 0000000000000000 RBX: ffff9706eedc5248 RCX: 0000000000000000
        RDX: 0000000000000001 RSI: ffff97337029ea28 RDI: ffff9706eedc5250
        RBP: ffff9703c3520200 R8: 000000000f46b0b2 R9: 0000000000000000
        R10: 0000000000000001 R11: 00000001000000fe R12: ffff97337029ea28
        R13: 0000000000000000 R14: ffff9703de59bf60 R15: ffff9706eedc5250
        ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
     #7 [ffffb25d8dad3ba8] ocfs2_journal_dirty at ffffffffc137fb95 [ocfs2]
     #8 [ffffb25d8dad3be8] __ocfs2_move_extent at ffffffffc139a950 [ocfs2]
     #9 [ffffb25d8dad3c80] ocfs2_defrag_extent at ffffffffc139b2d2 [ocfs2]

Analysis

This bug has the same root cause as 'commit 7f27ec978b0e ("ocfs2: call ocfs2_journal_access_di() before ocfs2_journal_dirty() in ocfs2_write_end_nolock()")'. For this bug, jbd2_journal_restart() is called by ocfs2_split_extent() during defragmenting.

How to fix

ocfs2_split_extent() can handle journal operations totally by itself. The caller doesn't need to call the journal access/dirty pair; the caller only needs to call the journal start/stop pair. The fix method is to remove journal access/dirty from __ocfs2_move_extent().

The discussion for this patch: https://oss.oracle.com/pipermail/ocfs2-devel/2023-February/000647.html

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
3.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-617

Affected Products 7

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥3.0 – <4.14.308
linux    linux_kernel   *         ≥4.15 – <4.19.276
linux    linux_kernel   *         ≥4.20 – <5.4.235
linux    linux_kernel   *         ≥5.5 – <5.10.173
linux    linux_kernel   *         ≥5.11 – <5.15.99
linux    linux_kernel   *         ≥5.16 – <6.1.16
linux    linux_kernel   *         ≥6.2 – <6.2.3

References 8

  • git.kernel.org https://git.kernel.org/stable/c/2c559b3ba8e0b9e3c4bb08159a28ccadc698410f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/33665d1042666f2e5c736a3df1f453e31f030663
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/590507ebabd33cd93324c04f9a5538309a5ba934
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5f43d34a51ed30e6a60f7e59d224a63014fe2cd5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/60eed1e3d45045623e46944ebc7c42c30a4350f0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/669134a66d37258e1c4a5cfbd5b82f547ae30fca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7f3b1c28e2908755fb248d3ee8ff56826f2387db
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8163ea90d89b7012dd1fa4b28edf5db0c641eca7
    Patch

Remediation

  • The eight git.kernel.org stable patches listed under References.