CVE-2023-53172
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds Commit 56124d6c87fd ("fsverity: support enabling with tree block size < PAGE_SIZE") changed FS_IOC_ENABLE_VERITY to use __kernel_read() to read the file's data, instead of direct pagecache accesses. An unintended consequence of this is that the 'WARN_ON_ONCE(!(file->f_mode & FMODE_READ))' in __kernel_read() became reachable by fuzz tests. This happens if FS_IOC_ENABLE_VERITY is called on a fd opened with access mode 3, which means "ioctl access only". Arguably, FS_IOC_ENABLE_VERITY should work on ioctl-only fds. But ioctl-only fds are a weird Linux extension that is rarely used and that few people even know about. (The documentation for FS_IOC_ENABLE_VERITY even specifically says it requires O_RDONLY.) It's probably not worthwhile to make the ioctl internally open a new fd just to handle this case. Thus, just reject the ioctl on such fds for now.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-12-02
Generated
2026-06-16
AI Q&A
2025-09-15
EPSS Evaluated
2026-06-14
NVD
CVE-2023-53172
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's fsverity feature, where the FS_IOC_ENABLE_VERITY ioctl command was changed to use __kernel_read() instead of direct pagecache accesses. This change made a warning reachable when FS_IOC_ENABLE_VERITY is called on a file descriptor (fd) opened with access mode 3, which means 'ioctl access only'. Since ioctl-only fds are a rare Linux extension and FS_IOC_ENABLE_VERITY requires O_RDONLY mode, the vulnerability is addressed by rejecting the ioctl command on such ioctl-only fds to prevent unexpected behavior.

Impact Analysis

If FS_IOC_ENABLE_VERITY is called on an ioctl-only file descriptor (mode 3), it can trigger a warning in the kernel due to improper access mode handling. While ioctl-only fds are rarely used, this could potentially lead to unexpected kernel warnings or instability when enabling fsverity on such descriptors. The fix prevents this by rejecting the ioctl in these cases, reducing the risk of kernel issues.

Mitigation Strategies

The vulnerability is addressed by rejecting the FS_IOC_ENABLE_VERITY ioctl on file descriptors opened with access mode 3 (ioctl-only). To mitigate this vulnerability, ensure that FS_IOC_ENABLE_VERITY is not called on ioctl-only file descriptors and that file descriptors used with this ioctl are opened with O_RDONLY mode as documented. Applying the kernel update that includes the fix (commit 56124d6c87fd) will also mitigate the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53172. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart