CVE-2023-53337
- Source
- https://cve.org/CVERecord?id=CVE-2023-53337
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53337.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-53337
- Downstream
- Related
- Published
- 2025-09-17T14:56:31.582Z
- Modified
- 2026-04-02T09:44:01.197071Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- nilfs2: do not write dirty data after degenerating to read-only
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: do not write dirty data after degenerating to read-only
According to syzbot's report, markbufferdirty() called from nilfssegctordo_construct() outputs a warning with some patterns after nilfs2 detects metadata corruption and degrades to read-only mode.
After such read-only degeneration, page cache data may be cleared through nilfscleardirtypage() which may also clear the uptodate flag for their buffer heads. However, even after the degeneration, log writes are still performed by unmount processing etc., which causes markbuffer_dirty() to be called for buffer heads without the "uptodate" flag and causes the warning.
Since any writes should not be done to a read-only file system in the first place, this fixes the warning in markbufferdirty() by letting nilfssegctordo_construct() abort early if in read-only mode.
This also changes the retry check of nilfssegctorwriteout() to avoid unnecessary log write retries if it detects -EROFS that nilfssegctordoconstruct() returned.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53337.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/13f73ef77baa4764dc1ca4fcbae9cade05b83866
- https://git.kernel.org/stable/c/28a65b49eb53e172d23567005465019658bfdb4d
- https://git.kernel.org/stable/c/4005cec6847c06ee191583270b7cdd7e696543cc
- https://git.kernel.org/stable/c/4569a292a84e340e97d178898ad1cfe1a3080a61
- https://git.kernel.org/stable/c/55f7810632f993cff622a0ddbc7c865892294b61
- https://git.kernel.org/stable/c/7c3e662048053802f6b0db3a78e97f4e1f7edc4f
- https://git.kernel.org/stable/c/a73201c607d8e506358d60aafddda4246bdd9350
- https://git.kernel.org/stable/c/bd89073fc7a5d03b1d06b372addbe405e5a925f4
- https://git.kernel.org/stable/c/e9c5412c5972124776c1b873533eb39e287a4dfa
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53337.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53337
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8c26c4e2694a163d525976e804d81cd955bbb40cFixedbd89073fc7a5d03b1d06b372addbe405e5a925f4Fixede9c5412c5972124776c1b873533eb39e287a4dfaFixed4569a292a84e340e97d178898ad1cfe1a3080a61Fixed7c3e662048053802f6b0db3a78e97f4e1f7edc4fFixed13f73ef77baa4764dc1ca4fcbae9cade05b83866Fixeda73201c607d8e506358d60aafddda4246bdd9350Fixed4005cec6847c06ee191583270b7cdd7e696543ccFixed55f7810632f993cff622a0ddbc7c865892294b61Fixed28a65b49eb53e172d23567005465019658bfdb4d