CVE-2023-53593

Source
https://cve.org/CVERecord?id=CVE-2023-53593
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53593.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53593
Published
2025-10-04T15:44:06.853Z
Modified
2026-02-24T07:34:45.700180Z
Summary
cifs: Release folio lock on fscache read hit.
Details

In the Linux kernel, the following vulnerability has been resolved:

cifs: Release folio lock on fscache read hit.

Under the current code, when cifs_readpage_worker is called, the call contract is that the callee should unlock the page. This is documented in the read_folio section of Documentation/filesystems/vfs.rst as:

The filesystem should unlock the folio once the read has completed, whether it was successful or not.

Without this change, when fscache is in use and a cache hit occurs during a read, the page lock is leaked, producing the following stack on subsequent reads (via mmap) to the page:

$ cat /proc/3890/task/12864/stack
[<0>] folio_wait_bit_common+0x124/0x350
[<0>] filemap_read_folio+0xad/0xf0
[<0>] filemap_fault+0x8b1/0xab0
[<0>] __do_fault+0x39/0x150
[<0>] do_fault+0x25c/0x3e0
[<0>] __handle_mm_fault+0x6ca/0xc70
[<0>] handle_mm_fault+0xe9/0x350
[<0>] do_user_addr_fault+0x225/0x6c0
[<0>] exc_page_fault+0x84/0x1b0
[<0>] asm_exc_page_fault+0x27/0x30

This requires a reboot to resolve; it is a deadlock.

Note however that the call to cifs_readpage_from_fscache does mark the page clean, but does not free the folio lock. This happens in __cifs_readpage_from_fscache on success. Releasing the lock at that point however is not appropriate as cifs_readahead also calls cifs_readpage_from_fscache and *does* unconditionally release the lock after its return. This change therefore effectively makes cifs_readpage_worker work like cifs_readahead.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53593.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0174ee9947bd0f24fee2794b35258960d108b7aa
Fixed
9e725386d4262ef23ae51993f04602bc535b5be2
Fixed
7a9fb689c1a1dc373887621a3bfa3810df0abde4
Fixed
69513dd669e243928f7450893190915a88f84a2b

Affected versions

v5.*
v5.17
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.4.1
v6.4.10
v6.4.11
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.4.7
v6.4.8
v6.4.9
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53593.json"

Git / github.com/gregkh/linux

Affected versions

v5.*
v5.17.1
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.4.1
v6.4.10
v6.4.11
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.4.7
v6.4.8
v6.4.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53593.json"