{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-09T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ext4: fix rbtree traversal bug in ext4_mb_use_preallocated",
    "id" : "2420286",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2420286"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-821",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\next4: fix rbtree traversal bug in ext4_mb_use_preallocated\nDuring allocations, while looking for preallocations(PA) in the per\ninode rbtree, we can't do a direct traversal of the tree because\next4_mb_discard_group_preallocation() can paralelly mark the pa deleted\nand that can cause direct traversal to skip some entries. This was\nleading to a BUG_ON() being hit [1] when we missed a PA that could satisfy\nour request and ultimately tried to create a new PA that would overlap\nwith the missed one.\nTo makes sure we handle that case while still keeping the performance of\nthe rbtree, we make use of the fact that the only pa that could possibly\noverlap the original goal start is the one that satisfies the below\nconditions:\n1. It must have it's logical start immediately to the left of\n(ie less than) original logical start.\n2. It must not be deleted\nTo find this pa we use the following traversal method:\n1. Descend into the rbtree normally to find the immediate neighboring\nPA. Here we keep descending irrespective of if the PA is deleted or if\nit overlaps with our request etc. The goal is to find an immediately\nadjacent PA.\n2. If the found PA is on right of original goal, use rb_prev() to find\nthe left adjacent PA.\n3. Check if this PA is deleted and keep moving left with rb_prev() until\na non deleted PA is found.\n4. This is the PA we are looking for. Now we can check if it can satisfy\nthe original request and proceed accordingly.\nThis approach also takes care of having deleted PAs in the tree.\n(While we are at it, also fix a possible overflow bug in calculating the\nend of a PA)\n[1] https://lore.kernel.org/linux-ext4/CA+G9fYv2FRpLqBZf34ZinR8bU2_ZRAUOjKAD3+tKRFaEQHtt8Q@mail.gmail.com/", "A flaw was identified in the ext4 filesystem’s block preallocation allocator in the Linux kernel. During allocation, the code traverses an rbtree of per-inode preallocations.Concurrently, the helper ext4_mb_discard_group_preallocation() can mark PAs as deleted, which may cause a naive rbtree traversal to skip eligible entries. In certain conditions, this inconsistent traversal can result in missing a preallocation that would satisfy the allocation request and instead creating a new preallocation that overlaps an existing one. This can lead to the kernel hitting a BUG_ON() or other integrity faults, potentially causing memory corruption or a system crash." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53813\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53813\nhttps://lore.kernel.org/linux-cve-announce/2025120944-CVE-2023-53813-cd16@gregkh/T" ],
  "name" : "CVE-2023-53813",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}