CVE-2023-53339
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
17/09/2025
Última modificación:
18/09/2025
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
btrfs: fix BUG_ON condition in btrfs_cancel_balance<br />
<br />
Pausing and canceling balance can race to interrupt balance lead to BUG_ON<br />
panic in btrfs_cancel_balance. The BUG_ON condition in btrfs_cancel_balance<br />
does not take this race scenario into account.<br />
<br />
However, the race condition has no other side effects. We can fix that.<br />
<br />
Reproducing it with panic trace like this:<br />
<br />
kernel BUG at fs/btrfs/volumes.c:4618!<br />
RIP: 0010:btrfs_cancel_balance+0x5cf/0x6a0<br />
Call Trace:<br />
<br />
? do_nanosleep+0x60/0x120<br />
? hrtimer_nanosleep+0xb7/0x1a0<br />
? sched_core_clone_cookie+0x70/0x70<br />
btrfs_ioctl_balance_ctl+0x55/0x70<br />
btrfs_ioctl+0xa46/0xd20<br />
__x64_sys_ioctl+0x7d/0xa0<br />
do_syscall_64+0x38/0x80<br />
entry_SYSCALL_64_after_hwframe+0x63/0xcd<br />
<br />
Race scenario as follows:<br />
> mutex_unlock(&fs_info->balance_mutex);<br />
> --------------------<br />
> .......issue pause and cancel req in another thread<br />
> --------------------<br />
> ret = __btrfs_balance(fs_info);<br />
><br />
> mutex_lock(&fs_info->balance_mutex);<br />
> if (ret == -ECANCELED && atomic_read(&fs_info->balance_pause_req)) {<br />
> btrfs_info(fs_info, "balance: paused");<br />
> btrfs_exclop_balance(fs_info, BTRFS_EXCLOP_BALANCE_PAUSED);<br />
> }
Impacto
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/29eefa6d0d07e185f7bfe9576f91e6dba98189c2
- https://git.kernel.org/stable/c/7c93b89cd46636b5e74c12fa21dd86167bc6ea8d
- https://git.kernel.org/stable/c/a0a462a0f20926918d6009f0b4b25673e883fc98
- https://git.kernel.org/stable/c/ae81329f7de3aa6f34ecdfa5412e72161a30e9ce
- https://git.kernel.org/stable/c/b966e9e1e250dfdb41a7f41775faea4a37af923c
- https://git.kernel.org/stable/c/bd7bef82ce0e929ef4cf63a34990545aaca28077
- https://git.kernel.org/stable/c/ceb9ba8e30833a4823e2dc73f80ebcdf2498d01a