CVE-2023-53323
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-12-10

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ext2/dax: Fix ext2_setsize when len is page aligned

PAGE_ALIGN(x) macro gives the next highest value which is multiple of pagesize. But if x is already page aligned then it simply returns x. So, if x passed is 0 in dax_zero_range() function, that means the length gets passed as 0 to ->iomap_begin().

In ext2 it then calls ext2_get_blocks -> max_blocks as 0 and hits bug_on here in ext2_get_blocks().

    BUG_ON(maxblocks == 0);

Instead we should be calling dax_truncate_page() here which takes care of it. i.e. it only calls dax_zero_range if the offset is not page/block aligned.

This can be easily triggered with following on fsdax mounted pmem device.

    dd if=/dev/zero of=file count=1 bs=512
    truncate -s 0 file

    [79.525838] EXT2-fs (pmem0): DAX enabled. Warning: EXPERIMENTAL, use at your own risk
    [79.529376] ext2 filesystem being mounted at /mnt1/test supports timestamps until 2038 (0x7fffffff)
    [93.793207] ------------[ cut here ]------------
    [93.795102] kernel BUG at fs/ext2/inode.c:637!
    [93.796904] invalid opcode: 0000 [#1] PREEMPT SMP PTI
    [93.798659] CPU: 0 PID: 1192 Comm: truncate Not tainted 6.3.0-rc2-xfstests-00056-g131086faa369 #139
    [93.806459] RIP: 0010:ext2_get_blocks.constprop.0+0x524/0x610
    <...>
    [93.835298] Call Trace:
    [93.836253] <TASK>
    [93.837103] ? lock_acquire+0xf8/0x110
    [93.838479] ? d_lookup+0x69/0xd0
    [93.839779] ext2_iomap_begin+0xa7/0x1c0
    [93.841154] iomap_iter+0xc7/0x150
    [93.842425] dax_zero_range+0x6e/0xa0
    [93.843813] ext2_setsize+0x176/0x1b0
    [93.845164] ext2_setattr+0x151/0x200
    [93.846467] notify_change+0x341/0x4e0
    [93.847805] ? lock_acquire+0xf8/0x110
    [93.849143] ? do_truncate+0x74/0xe0
    [93.850452] ? do_truncate+0x84/0xe0
    [93.851739] do_truncate+0x84/0xe0
    [93.852974] do_sys_ftruncate+0x2b4/0x2f0
    [93.854404] do_syscall_64+0x3f/0x90
    [93.855789] entry_SYSCALL_64_after_hwframe+0x72/0xdc

Meta Information
Published: 2025-09-16
Last Modified: 2025-12-10
Generated: 2026-05-27
AI Q&A: 2025-09-16
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
linux | linux_kernel | From 5.15 (inc) to 6.1.40 (exc)
linux | linux_kernel | From 6.2 (inc) to 6.4.5 (exc)
CWE
CWE ID | Description
CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
AI Powered Q&A
How can this vulnerability impact me?

This vulnerability can cause a kernel crash (BUG) when truncating files on ext2 filesystems mounted on fsdax persistent memory devices. This can lead to system instability or denial of service, as the kernel encounters a critical error and stops normal operation.


Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's ext2 filesystem code related to DAX (Direct Access) on persistent memory devices. The ext2_setsize function mishandles the case where the length is page aligned: PAGE_ALIGN(x) returns x unchanged when x is already page aligned, so a length of zero is passed through dax_zero_range() to ->iomap_begin(). ext2 then calls ext2_get_blocks with max_blocks set to zero, which hits BUG_ON(maxblocks == 0) and crashes the kernel when truncating files on fsdax mounted pmem devices. The fix calls dax_truncate_page() instead, which only calls dax_zero_range if the offset is not page/block aligned.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to trigger the bug on a filesystem using an fsdax-mounted pmem device with the following commands:

1. Create a file with dd:
       dd if=/dev/zero of=file count=1 bs=512
2. Truncate the file to zero size:
       truncate -s 0 file

If the system is vulnerable, kernel logs will show a BUG_ON error in ext2_get_blocks with messages similar to:

    [79.525838] EXT2-fs (pmem0): DAX enabled. Warning: EXPERIMENTAL, use at your own risk
    [93.795102] kernel BUG at fs/ext2/inode.c:637!

Checking kernel logs (e.g., using dmesg) after running these commands can help detect the vulnerability.
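
A non-destructive exposure check, added here as an example and not part of the original page: it compares a kernel release string against the version ranges listed above and looks for ext2 mounts carrying the dax option, without running the trigger. The function names and sample mount lines are constructed; it assumes ext2 reports DAX as a `dax` token in /proc/mounts and that `sort -V` is available.

```sh
#!/bin/sh
# Added example: exposure check for CVE-2023-53323 (does not trigger the BUG).

# Succeeds when version $1 sorts strictly before version $2.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Succeeds when release string $1 falls in the ranges listed on this page:
# 5.15 <= v < 6.1.40, or 6.2 <= v < 6.4.5.
# Distribution kernels may backport the fix, so a match is only indicative.
kernel_in_affected_range() {
    v=$(printf '%s\n' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/; s/\.$//')
    { ! ver_lt "$v" 5.15 && ver_lt "$v" 6.1.40; } ||
        { ! ver_lt "$v" 6.2 && ver_lt "$v" 6.4.5; }
}

# Prints the mount point of every ext2 filesystem mounted with the dax option.
# $1 is a file in /proc/mounts format, or "-" for standard input.
ext2_dax_mounts() {
    awk '$3 == "ext2" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) if (opt[i] == "dax") { print $2; break }
    }' "$1"
}

# Constructed sample in /proc/mounts format (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/pmem0 /mnt1/test ext2 rw,relatime,dax 0 0
/dev/pmem1 /mnt2 ext4 rw,relatime,dax=always 0 0
/dev/sda1 /boot ext2 rw,relatime 0 0
EOF
}

# Reports on the running host; both conditions must hold to be exposed.
report_host() {
    rel=$(uname -r)
    mounts=$(ext2_dax_mounts /proc/mounts 2>/dev/null || true)
    if kernel_in_affected_range "$rel" && [ -n "$mounts" ]; then
        echo "EXPOSED: kernel $rel in listed range, ext2+dax on: $mounts"
    else
        echo "no exposure found (kernel $rel; ext2+dax mounts: ${mounts:-none})"
    fi
}
report_host
```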


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding the use of ext2 filesystems on fsdax mounted pmem devices until the kernel patch fixing ext2_setsize is applied. Avoid truncating files to zero size on such setups as it triggers the bug. Applying the kernel update that fixes the ext2_setsize function to correctly handle page-aligned lengths will resolve the issue.

