{
  "threat_severity" : "Moderate",
  "public_date" : "2025-09-16T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ext4: fix WARNING in mb_find_extent",
    "id" : "2395887",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2395887"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\next4: fix WARNING in mb_find_extent\nSyzbot found the following issue:\nEXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!\nEXT4-fs (loop0): orphan cleanup on readonly fs\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 5067 at fs/ext4/mballoc.c:1869 mb_find_extent+0x8a1/0xe30\nModules linked in:\nCPU: 1 PID: 5067 Comm: syz-executor307 Not tainted 6.2.0-rc1-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nRIP: 0010:mb_find_extent+0x8a1/0xe30 fs/ext4/mballoc.c:1869\nRSP: 0018:ffffc90003c9e098 EFLAGS: 00010293\nRAX: ffffffff82405731 RBX: 0000000000000041 RCX: ffff8880783457c0\nRDX: 0000000000000000 RSI: 0000000000000041 RDI: 0000000000000040\nRBP: 0000000000000040 R08: ffffffff82405723 R09: ffffed10053c9402\nR10: ffffed10053c9402 R11: 1ffff110053c9401 R12: 0000000000000000\nR13: ffffc90003c9e538 R14: dffffc0000000000 R15: ffffc90003c9e2cc\nFS:  0000555556665300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056312f6796f8 CR3: 0000000022437000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n<TASK>\next4_mb_complex_scan_group+0x353/0x1100 fs/ext4/mballoc.c:2307\next4_mb_regular_allocator+0x1533/0x3860 fs/ext4/mballoc.c:2735\next4_mb_new_blocks+0xddf/0x3db0 fs/ext4/mballoc.c:5605\next4_ext_map_blocks+0x1868/0x6880 fs/ext4/extents.c:4286\next4_map_blocks+0xa49/0x1cc0 fs/ext4/inode.c:651\next4_getblk+0x1b9/0x770 fs/ext4/inode.c:864\next4_bread+0x2a/0x170 fs/ext4/inode.c:920\next4_quota_write+0x225/0x570 fs/ext4/super.c:7105\nwrite_blk fs/quota/quota_tree.c:64 [inline]\nget_free_dqblk+0x34a/0x6d0 fs/quota/quota_tree.c:130\ndo_insert_tree+0x26b/0x1aa0 
fs/quota/quota_tree.c:340\ndo_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375\ndo_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375\ndo_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375\ndq_insert_tree fs/quota/quota_tree.c:401 [inline]\nqtree_write_dquot+0x3b6/0x530 fs/quota/quota_tree.c:420\nv2_write_dquot+0x11b/0x190 fs/quota/quota_v2.c:358\ndquot_acquire+0x348/0x670 fs/quota/dquot.c:444\next4_acquire_dquot+0x2dc/0x400 fs/ext4/super.c:6740\ndqget+0x999/0xdc0 fs/quota/dquot.c:914\n__dquot_initialize+0x3d0/0xcf0 fs/quota/dquot.c:1492\next4_process_orphan+0x57/0x2d0 fs/ext4/orphan.c:329\next4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474\n__ext4_fill_super fs/ext4/super.c:5516 [inline]\next4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644\nget_tree_bdev+0x400/0x620 fs/super.c:1282\nvfs_get_tree+0x88/0x270 fs/super.c:1489\ndo_new_mount+0x289/0xad0 fs/namespace.c:3145\ndo_mount fs/namespace.c:3488 [inline]\n__do_sys_mount fs/namespace.c:3697 [inline]\n__se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nAdd some debug information:\nmb_find_extent: mb_find_extent block=41, order=0 needed=64 next=0 ex=0/41/1@3735929054 64 64 7\nblock_bitmap: ff 3f 0c 00 fc 01 00 00 d2 3d 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\nActually, blocks per group is 64, but block bitmap indicates it has at least\n128 blocks. Now, ext4_validate_block_bitmap() didn't check invalid block's\nbitmap if set.\nTo resolve above issue, add check like fsck \"Padding at end of block bitmap is\nnot set\".", "A vulnerability was found in the ext4 filesystem driver in the Linux kernel. This flaw occurs when the system processes a maliciously crafted or corrupted ext4 filesystem image, as the driver fails to properly validate its structural data. 
A local user with the ability to mount such an image could use this flaw to cause a system crash, resulting in a denial of service. This vulnerability could also lead to silent corruption of data on the affected filesystem." ],
  "statement" : "This vulnerability will only result in a Denial of Service when the panic_on_warn flag is enabled, which is not the default configuration for Red hat Linux installations.\nRed Hat Product Security team has rated this vulnerability as having a Moderate severity due to the fact an attacker needs to have privileges to mount the filesystem, additionally the complexity of corrupting the block bitmap can be considered high and the attacker has no full control on how the data will be corrupted in a event of a successful attack.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53317\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53317\nhttps://lore.kernel.org/linux-cve-announce/2025091643-CVE-2023-53317-c945@gregkh/T" ],
  "name" : "CVE-2023-53317",
  "mitigation" : {
    "value" : "There's no available mitigation for this issue.",
    "lang" : "en:us"
  },
  "csaw" : false
}