DEBIAN-CVE-2023-53804
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-53804
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53804.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-53804
- Upstream
- Published
- 2025-12-09T01:16:52.270Z
- Modified
- 2025-12-10T11:15:53.193316Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nilfsroot in nilfsevictinode() During unmount process of nilfs2, nothing holds nilfsroot structure after nilfs2 detaches its writer in nilfsdetachlogwriter(). However, since nilfsevictinode() uses nilfsroot for some cleanup operations, it may cause use-after-free read if inodes are left in "garbagelist" and released by nilfsdisposelist() at the end of nilfsdetachlogwriter(). Fix this issue by modifying nilfsevictinode() to only clear inode without additional metadata changes that use nilfs_root if the file system is degraded to read-only or the writer is detached.
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.191-1
Affected versions
5.*
5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1
5.10.178-1
5.10.178-2
5.10.178-3
5.10.179-1
5.10.179-2
5.10.179-3
5.10.179-4
5.10.179-5
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source