DEBIAN-CVE-2023-54068

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-54068

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54068.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-54068

Upstream

CVE-2023-54068

Published

2025-12-24T13:16:08.640Z

Modified

2025-12-25T11:14:27.871400Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to call f2fswaitonpagewriteback() in f2fswriterawpages() BUGON() will be triggered when writing files concurrently, because the same page is writtenback multiple times. 1597 void folioendwriteback(struct folio *folio) 1598 { ...... 1618 if (!__folioendwriteback(folio)) 1619 BUG(); ...... 1625 } kernel BUG at mm/filemap.c:1619! Call Trace: <TASK> f2fswriteendio+0x1a0/0x370 blkupdaterequest+0x6c/0x410 blkmqendrequest+0x15/0x130 blkcompletereqs+0x3c/0x50 __dosoftirq+0xb8/0x29b ? sortrange+0x20/0x20 runksoftirqd+0x19/0x20 smpbootthreadfn+0x10b/0x1d0 kthread+0xde/0x110 ? kthreadcompleteandexit+0x20/0x20 retfromfork+0x22/0x30 </TASK> Below is the concurrency scenario: [Process A] [Process B] [Process C] f2fswriterawpages() - redirtypageforwritepage() - unlock page() f2fsdowritedatapage() - lockpage() - clearpagedirtyforio() - setpagewriteback() [1st writeback] ..... - unlock page() genericperformwrite() - f2fswritebegin() - waitforstablepage() - f2fswriteend() - setpagedirty() - lockpage() - f2fsdowritedatapage() - setpagewriteback() [2st writeback] This problem was introduced by the previous commit 7377e853967b ("f2fs: compress: fix potential deadlock of compress file"). All pagelocks were released in f2fswriterawpages(), but whether the page was in the writeback state was ignored in the subsequent writing process. Let's fix it by waiting for the page to writeback before writing.

References

https://security-tracker.debian.org/tracker/CVE-2023-54068

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.191-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

5.10.127-1

5.10.127-2~bpo10+1

5.10.127-2

5.10.136-1

5.10.140-1

5.10.148-1

5.10.149-1

5.10.149-2

5.10.158-1

5.10.158-2

5.10.162-1

5.10.178-1

5.10.178-2

5.10.178-3

5.10.179-1

5.10.179-2

5.10.179-3

5.10.179-4

5.10.179-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54068.json"

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.37-1

Affected versions

6.*

6.1.27-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54068.json"

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54068.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54068.json"