Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2023-53323

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/09/2025
Last modified:
17/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext2/dax: Fix ext2_setsize when len is page aligned<br /> <br /> PAGE_ALIGN(x) macro gives the next highest value which is multiple of<br /> pagesize. But if x is already page aligned then it simply returns x.<br /> So, if x passed is 0 in dax_zero_range() function, that means the<br /> length gets passed as 0 to -&gt;iomap_begin().<br /> <br /> In ext2 it then calls ext2_get_blocks -&gt; max_blocks as 0 and hits bug_on<br /> here in ext2_get_blocks().<br /> BUG_ON(maxblocks == 0);<br /> <br /> Instead we should be calling dax_truncate_page() here which takes<br /> care of it. i.e. it only calls dax_zero_range if the offset is not<br /> page/block aligned.<br /> <br /> This can be easily triggered with following on fsdax mounted pmem<br /> device.<br /> <br /> dd if=/dev/zero of=file count=1 bs=512<br /> truncate -s 0 file<br /> <br /> [79.525838] EXT2-fs (pmem0): DAX enabled. Warning: EXPERIMENTAL, use at your own risk<br /> [79.529376] ext2 filesystem being mounted at /mnt1/test supports timestamps until 2038 (0x7fffffff)<br /> [93.793207] ------------[ cut here ]------------<br /> [93.795102] kernel BUG at fs/ext2/inode.c:637!<br /> [93.796904] invalid opcode: 0000 [#1] PREEMPT SMP PTI<br /> [93.798659] CPU: 0 PID: 1192 Comm: truncate Not tainted 6.3.0-rc2-xfstests-00056-g131086faa369 #139<br /> [93.806459] RIP: 0010:ext2_get_blocks.constprop.0+0x524/0x610<br /> <br /> [93.835298] Call Trace:<br /> [93.836253] <br /> [93.837103] ? lock_acquire+0xf8/0x110<br /> [93.838479] ? d_lookup+0x69/0xd0<br /> [93.839779] ext2_iomap_begin+0xa7/0x1c0<br /> [93.841154] iomap_iter+0xc7/0x150<br /> [93.842425] dax_zero_range+0x6e/0xa0<br /> [93.843813] ext2_setsize+0x176/0x1b0<br /> [93.845164] ext2_setattr+0x151/0x200<br /> [93.846467] notify_change+0x341/0x4e0<br /> [93.847805] ? lock_acquire+0xf8/0x110<br /> [93.849143] ? do_truncate+0x74/0xe0<br /> [93.850452] ? do_truncate+0x84/0xe0<br /> [93.851739] do_truncate+0x84/0xe0<br /> [93.852974] do_sys_ftruncate+0x2b4/0x2f0<br /> [93.854404] do_syscall_64+0x3f/0x90<br /> [93.855789] entry_SYSCALL_64_after_hwframe+0x72/0xdc

Impact

References to Advisories, Solutions, and Tools