CVE-2023-53339
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-12-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix BUG_ON condition in btrfs_cancel_balance Pausing and canceling balance can race to interrupt balance lead to BUG_ON panic in btrfs_cancel_balance. The BUG_ON condition in btrfs_cancel_balance does not take this race scenario into account. However, the race condition has no other side effects. We can fix that. Reproducing it with panic trace like this: kernel BUG at fs/btrfs/volumes.c:4618! RIP: 0010:btrfs_cancel_balance+0x5cf/0x6a0 Call Trace: <TASK> ? do_nanosleep+0x60/0x120 ? hrtimer_nanosleep+0xb7/0x1a0 ? sched_core_clone_cookie+0x70/0x70 btrfs_ioctl_balance_ctl+0x55/0x70 btrfs_ioctl+0xa46/0xd20 __x64_sys_ioctl+0x7d/0xa0 do_syscall_64+0x38/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Race scenario as follows: > mutex_unlock(&fs_info->balance_mutex); > -------------------- > .......issue pause and cancel req in another thread > -------------------- > ret = __btrfs_balance(fs_info); > > mutex_lock(&fs_info->balance_mutex); > if (ret == -ECANCELED && atomic_read(&fs_info->balance_pause_req)) { > btrfs_info(fs_info, "balance: paused"); > btrfs_exclop_balance(fs_info, BTRFS_EXCLOP_BALANCE_PAUSED); > }
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-12-11
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53339
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
linux linux_kernel to 4.19.293 (exc)
linux linux_kernel From 4.20 (inc) to 5.4.255 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.192 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.128 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.47 (exc)
linux linux_kernel From 6.2 (inc) to 6.4.12 (exc)
linux linux_kernel 6.5
linux linux_kernel 6.5
linux linux_kernel 6.5
linux linux_kernel 6.5
linux linux_kernel 6.5
linux linux_kernel 6.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a race condition in the Linux kernel's btrfs filesystem code, specifically in the btrfs_cancel_balance function. When pausing and canceling a balance operation concurrently, a race can occur that triggers a BUG_ON panic, causing the kernel to crash. The BUG_ON condition does not properly handle this race scenario, leading to a kernel panic, although the race condition has no other side effects.

Impact Analysis

The vulnerability can cause the Linux kernel to panic (crash) when a balance operation on a btrfs filesystem is paused and canceled concurrently. This can lead to system instability or downtime due to the kernel crash, but it does not have other side effects beyond causing the panic.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53339. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart