CVE-2023-53862

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> hfs: fix missing hfs_bnode_get() in __hfs_bnode_create<br /> <br /> Syzbot found a kernel BUG in hfs_bnode_put():<br /> <br /> kernel BUG at fs/hfs/bnode.c:466!<br /> invalid opcode: 0000 [#1] PREEMPT SMP KASAN<br /> CPU: 0 PID: 3634 Comm: kworker/u4:5 Not tainted 6.1.0-rc7-syzkaller-00190-g97ee9d1c1696 #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022<br /> Workqueue: writeback wb_workfn (flush-7:0)<br /> RIP: 0010:hfs_bnode_put+0x46f/0x480 fs/hfs/bnode.c:466<br /> Code: 8a 80 ff e9 73 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a0 fe ff ff 48 89 df e8 db 8a 80 ff e9 93 fe ff ff e8 a1 68 2c ff 0b e8 9a 68 2c ff 0f 0b 0f 1f 84 00 00 00 00 00 55 41 57 41 56<br /> RSP: 0018:ffffc90003b4f258 EFLAGS: 00010293<br /> RAX: ffffffff825e318f RBX: 0000000000000000 RCX: ffff8880739dd7c0<br /> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000<br /> RBP: ffffc90003b4f430 R08: ffffffff825e2d9b R09: ffffed10045157d1<br /> R10: ffffed10045157d1 R11: 1ffff110045157d0 R12: ffff8880228abe80<br /> R13: ffff88807016c000 R14: dffffc0000000000 R15: ffff8880228abe00<br /> FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00007fa6ebe88718 CR3: 000000001e93d000 CR4: 00000000003506f0<br /> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> Call Trace:<br /> <br /> hfs_write_inode+0x1bc/0xb40<br /> write_inode fs/fs-writeback.c:1440 [inline]<br /> __writeback_single_inode+0x4d6/0x670 fs/fs-writeback.c:1652<br /> writeback_sb_inodes+0xb3b/0x18f0 fs/fs-writeback.c:1878<br /> __writeback_inodes_wb+0x125/0x420 fs/fs-writeback.c:1949<br /> wb_writeback+0x440/0x7b0 fs/fs-writeback.c:2054<br /> wb_check_start_all fs/fs-writeback.c:2176 [inline]<br /> wb_do_writeback fs/fs-writeback.c:2202 [inline]<br /> wb_workfn+0x827/0xef0 fs/fs-writeback.c:2235<br /> process_one_work+0x877/0xdb0 kernel/workqueue.c:2289<br /> worker_thread+0xb14/0x1330 kernel/workqueue.c:2436<br /> kthread+0x266/0x300 kernel/kthread.c:376<br /> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306<br /> <br /> <br /> The BUG_ON() is triggered at here:<br /> <br /> /* Dispose of resources used by a node */<br /> void hfs_bnode_put(struct hfs_bnode *node)<br /> {<br /> if (node) {<br /> <br /> BUG_ON(!atomic_read(&amp;node-&gt;refcnt));