CVE-2023-53149
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-11-25
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.4 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-667 | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a deadlock issue in the Linux kernel's ext4 filesystem. It occurs because ext4 uses a filesystem-wide lock to protect write operations, but under certain conditions, this lock can cause a deadlock when the system tries to reclaim filesystem resources during page writeback. Specifically, the deadlock happens when ext4_writepages() tries to acquire a lock that is already held, causing the process to block forever. The fix ensures that the filesystem reclaim code does not recurse into writeback code, preventing this deadlock.
How can this vulnerability impact me? :
This vulnerability can cause the system to hang or become unresponsive due to a deadlock in the ext4 filesystem during writeback operations. This can lead to degraded system performance, potential data loss if write operations are stalled indefinitely, and overall instability of the system relying on ext4.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to a Linux kernel version that includes the fix for this vulnerability, which avoids deadlocks in ext4 filesystem reclaim with page writeback by preventing recursion into filesystem reclaim from writeback code.