DEBIAN-CVE-2023-53564

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-53564

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53564.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-53564

Upstream

CVE-2023-53564

Published

2025-10-04T16:15:51.870Z

Modified

2025-11-20T10:16:58.510055Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix defrag path triggering jbd2 ASSERT code path: ocfs2ioctlmoveextents ocfs2moveextents ocfs2defragextent _ocfs2moveextent + ocfs2journalaccessdi + ocfs2splitextent //sub-paths call jbd2journalrestart + ocfs2journaldirty //crash by jbs2 ASSERT crash stacks: PID: 11297 TASK: ffff974a676dcd00 CPU: 67 COMMAND: "defragfs.ocfs2" #0 [ffffb25d8dad3900] machinekexec at ffffffff8386fe01 #1 [ffffb25d8dad3958] _crashkexec at ffffffff8395959d #2 [ffffb25d8dad3a20] crashkexec at ffffffff8395a45d #3 [ffffb25d8dad3a38] oopsend at ffffffff83836d3f #4 [ffffb25d8dad3a58] dotrap at ffffffff83833205 #5 [ffffb25d8dad3aa0] doinvalidop at ffffffff83833aa6 #6 [ffffb25d8dad3ac0] invalidop at ffffffff84200d18 [exception RIP: jbd2journaldirtymetadata+0x2ba] RIP: ffffffffc09ca54a RSP: ffffb25d8dad3b70 RFLAGS: 00010207 RAX: 0000000000000000 RBX: ffff9706eedc5248 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffff97337029ea28 RDI: ffff9706eedc5250 RBP: ffff9703c3520200 R8: 000000000f46b0b2 R9: 0000000000000000 R10: 0000000000000001 R11: 00000001000000fe R12: ffff97337029ea28 R13: 0000000000000000 R14: ffff9703de59bf60 R15: ffff9706eedc5250 ORIGRAX: ffffffffffffffff CS: 0010 SS: 0018 #7 [ffffb25d8dad3ba8] ocfs2journaldirty at ffffffffc137fb95 [ocfs2] #8 [ffffb25d8dad3be8] _ocfs2moveextent at ffffffffc139a950 [ocfs2] #9 [ffffb25d8dad3c80] ocfs2defragextent at ffffffffc139b2d2 [ocfs2] Analysis This bug has the same root cause of 'commit 7f27ec978b0e ("ocfs2: call ocfs2journalaccessdi() before ocfs2journaldirty() in ocfs2writeendnolock()")'. For this bug, jbd2journalrestart() is called by ocfs2splitextent() during defragmenting. How to fix For ocfs2splitextent() can handle journal operations totally by itself. Caller doesn't need to call journal access/dirty pair, and caller only needs to call journal start/stop pair. The fix method is to remove journal access/dirty from _ocfs2moveextent(). The discussion for this patch: https://oss.oracle.com/pipermail/ocfs2-devel/2023-February/000647.html

References

https://security-tracker.debian.org/tracker/CVE-2023-53564

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.178-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

5.10.127-1

5.10.127-2~bpo10+1

5.10.127-2

5.10.136-1

5.10.140-1

5.10.148-1

5.10.149-1

5.10.149-2

5.10.158-1

5.10.158-2

5.10.162-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}