CVE-2023-53183
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: exit gracefully if reloc roots don't match [BUG] Syzbot reported a crash that an ASSERT() got triggered inside prepare_to_merge(). [CAUSE] The root cause of the triggered ASSERT() is we can have a race between quota tree creation and relocation. This leads us to create a duplicated quota tree in the btrfs_read_fs_root() path, and since it's treated as fs tree, it would have ROOT_SHAREABLE flag, causing us to create a reloc tree for it. The bug itself is fixed by a dedicated patch for it, but this already taught us the ASSERT() is not something straightforward for developers. [ENHANCEMENT] Instead of using an ASSERT(), let's handle it gracefully and output extra info about the mismatch reloc roots to help debug. Also with the above ASSERT() removed, we can trigger ASSERT(0)s inside merge_reloc_roots() later. Also replace those ASSERT(0)s with WARN_ON()s.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-12-02
Generated
2026-05-27
AI Q&A
2025-09-15
EPSS Evaluated
2026-01-04
NVD
CVE-2023-53183
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel to 5.15.127 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.46 (exc)
linux linux_kernel From 6.2 (inc) to 6.4.11 (exc)
linux linux_kernel 6.5
linux linux_kernel 6.5
linux linux_kernel 6.5
linux linux_kernel 6.5
linux linux_kernel 6.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel's btrfs filesystem involves a race condition between quota tree creation and relocation, which can cause a duplicated quota tree to be created. This duplicated tree is mistakenly treated as a filesystem tree with a ROOT_SHAREABLE flag, leading to the creation of a relocation tree for it. Originally, this caused an ASSERT() crash inside prepare_to_merge(). The fix replaces these ASSERT() crashes with graceful handling and warnings to better manage and debug the mismatch of relocation roots.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash due to an ASSERT() failure triggered by the race condition in btrfs quota tree handling. Such crashes can lead to system instability or downtime, potentially affecting data availability and system reliability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart