In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid potential memory corruption in __update_iostat_latency()
Add iotype sanity check to avoid potential memory corruption. This is to fix the compile error below:
fs/f2fs/iostat.c:231 __update_iostat_latency() error: buffer overflow 'io_lat->peak_lat[type]' 3 <= 3
vim +228 fs/f2fs/iostat.c
211  static inline void __update_iostat_latency(struct bio_iostat_ctx *iostat_ctx,
212                                  enum iostat_lat_type type)
213  {
214      unsigned long ts_diff;
215      unsigned int page_type = iostat_ctx->type;
216      struct f2fs_sb_info *sbi = iostat_ctx->sbi;
217      struct iostat_lat_info *io_lat = sbi->iostat_io_lat;
218      unsigned long flags;
219
220      if (!sbi->iostat_enable)
221          return;
222
223      ts_diff = jiffies - iostat_ctx->submit_ts;
224      if (page_type >= META_FLUSH)
                          ^^^^^^^^^^
225          page_type = META;
226
227      spin_lock_irqsave(&sbi->iostat_lat_lock, flags);
@228     io_lat->sum_lat[type][page_type] += ts_diff;
                               ^^^^^^^^^
Mixup between META_FLUSH and NR_PAGE_TYPE leads to memory corruption.
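A user-space model of the index check in the listing above, added here as an illustration; it is not the kernel's code or the upstream patch. The enum ordering (NR_PAGE_TYPE directly below META_FLUSH), the count of three latency kinds, and the names lat_model, index_before_fix, index_checked, count_oob and record_latency are assumptions made for the example.

```c
#include <stdio.h>

/* Assumed ordering: the array-size sentinel NR_PAGE_TYPE sits just below META_FLUSH. */
enum page_type { DATA, NODE, META, NR_PAGE_TYPE, META_FLUSH, IPU, OPU };
#define MODEL_LAT_KINDS 3   /* assumed number of latency kinds */

struct lat_model { unsigned long sum_lat[MODEL_LAT_KINDS][NR_PAGE_TYPE]; };

/* Mapping as quoted in the report: only values >= META_FLUSH are folded. */
static int index_before_fix(unsigned int page_type)
{
    if (page_type >= META_FLUSH)
        page_type = META;
    return (int)page_type;      /* NR_PAGE_TYPE passes through unchanged */
}

/* Hypothetical sanity check: fold META_FLUSH, reject anything else >= NR_PAGE_TYPE. */
static int index_checked(unsigned int page_type)
{
    if (page_type == META_FLUSH)
        return META;
    return page_type < NR_PAGE_TYPE ? (int)page_type : -1;
}

/* Count enum values for which a mapping yields a column outside the row. */
static int count_oob(int (*map)(unsigned int))
{
    int n = 0;
    for (unsigned int t = DATA; t <= OPU; t++)
        if (map(t) >= NR_PAGE_TYPE)
            n++;
    return n;
}

/* Guarded update: returns 0 when recorded, -1 when the sample is dropped. */
static int record_latency(struct lat_model *m, unsigned int kind,
                          unsigned int page_type, unsigned long ts_diff)
{
    int col = index_checked(page_type);
    if (kind >= MODEL_LAT_KINDS || col < 0)
        return -1;
    m->sum_lat[kind][col] += ts_diff;
    return 0;
}

int main(void)
{
    printf("oob before: %d, with check: %d\n", count_oob(index_before_fix), count_oob(index_checked));
    return 0;
}
```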
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53214.json",
"cna_assigner": "Linux"
}