CVE-2023-53323

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-53323
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53323.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53323
Published
2025-09-16T16:11:58Z
Modified
2025-10-21T16:31:30.456508Z
Summary
ext2/dax: Fix ext2_setsize when len is page aligned
Details

In the Linux kernel, the following vulnerability has been resolved:

ext2/dax: Fix ext2_setsize when len is page aligned

PAGE_ALIGN(x) macro gives the next highest value which is multiple of pagesize. But if x is already page aligned then it simply returns x. So, if x passed is 0 in dax_zero_range() function, that means the length gets passed as 0 to ->iomap_begin().

In ext2 it then calls ext2_get_blocks -> maxblocks as 0 and hits bug_on here in ext2_get_blocks().
BUG_ON(maxblocks == 0);

Instead we should be calling dax_truncate_page() here which takes care of it. i.e. it only calls dax_zero_range if the offset is not page/block aligned.

This can be easily triggered with the following on an fsdax mounted pmem device.

dd if=/dev/zero of=file count=1 bs=512
truncate -s 0 file

[79.525838] EXT2-fs (pmem0): DAX enabled. Warning: EXPERIMENTAL, use at your own risk
[79.529376] ext2 filesystem being mounted at /mnt1/test supports timestamps until 2038 (0x7fffffff)
[93.793207] ------------[ cut here ]------------
[93.795102] kernel BUG at fs/ext2/inode.c:637!
[93.796904] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[93.798659] CPU: 0 PID: 1192 Comm: truncate Not tainted 6.3.0-rc2-xfstests-00056-g131086faa369 #139
[93.806459] RIP: 0010:ext2_get_blocks.constprop.0+0x524/0x610
<...>
[93.835298] Call Trace:
[93.836253] <TASK>
[93.837103] ? lock_acquire+0xf8/0x110
[93.838479] ? d_lookup+0x69/0xd0
[93.839779] ext2_iomap_begin+0xa7/0x1c0
[93.841154] iomap_iter+0xc7/0x150
[93.842425] dax_zero_range+0x6e/0xa0
[93.843813] ext2_setsize+0x176/0x1b0
[93.845164] ext2_setattr+0x151/0x200
[93.846467] notify_change+0x341/0x4e0
[93.847805] ? lock_acquire+0xf8/0x110
[93.849143] ? do_truncate+0x74/0xe0
[93.850452] ? do_truncate+0x84/0xe0
[93.851739] do_truncate+0x84/0xe0
[93.852974] do_sys_ftruncate+0x2b4/0x2f0
[93.854404] do_syscall_64+0x3f/0x90
[93.855789] entry_SYSCALL_64_after_hwframe+0x72/0xdc
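
The length arithmetic described above, as an added user-space model (not kernel code and not part of the original record): it compares an unconditional "zero up to the next page boundary" call with the guarded form that skips aligned offsets. The `model_*` names, the 4 KiB page size, and the pre-fix length expression `PAGE_ALIGN(newsize) - newsize` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed 4 KiB page and block size; the real values depend on the system. */
#define MODEL_PAGE_SIZE 4096ULL
#define MODEL_PAGE_ALIGN(x) \
    (((uint64_t)(x) + MODEL_PAGE_SIZE - 1) & ~(MODEL_PAGE_SIZE - 1))

#define MODEL_BUG (-1) /* stands in for BUG_ON(maxblocks == 0) firing */

/* Model of the zeroing step: a zero-length mapping request is the BUG case. */
static int64_t model_zero_range(uint64_t pos, uint64_t len)
{
    (void)pos;
    if (len == 0)
        return MODEL_BUG;
    return (int64_t)len; /* bytes that would be zeroed */
}

/* Pre-fix shape (assumed): always zero up to the next page boundary. */
int64_t model_setsize_old(uint64_t newsize)
{
    return model_zero_range(newsize, MODEL_PAGE_ALIGN(newsize) - newsize);
}

/* Post-fix shape: skip the call entirely when newsize is already aligned. */
int64_t model_setsize_new(uint64_t newsize)
{
    uint64_t off = newsize & (MODEL_PAGE_SIZE - 1);

    if (off == 0)
        return 0; /* boundary: nothing to zero */
    return model_zero_range(newsize, MODEL_PAGE_SIZE - off);
}

int main(void)
{
    /* Constructed sizes: 0 is the `truncate -s 0` case from the report. */
    const uint64_t sizes[] = { 0, 512, 4095, 4096, 8192 };

    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
        printf("newsize=%5llu old=%lld new=%lld\n",
               (unsigned long long)sizes[i],
               (long long)model_setsize_old(sizes[i]),
               (long long)model_setsize_new(sizes[i]));
    return 0;
}
```

Every page-aligned size, not only 0, produces a zero length in the unguarded form; unaligned sizes behave identically in both.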

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2aa3048e03d38d5358be2553d4b638c1a018498c
Fixed
9e54fd14bd143c261e52fde74355e85e9526c58c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2aa3048e03d38d5358be2553d4b638c1a018498c
Fixed
5cee8bfb8cbd99c97aff85d2bf066b6a496e13ab
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2aa3048e03d38d5358be2553d4b638c1a018498c
Fixed
fcced95b6ba2a507a83b8b3e0358a8ac16b13e35

Affected versions

v5.*

v5.14
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.4.1
v6.4.2
v6.4.3
v6.4.4

Database specific

vanir_signatures


Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
6.1.40
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.4.5