CVE-2023-53564
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-04

Last updated on: 2026-03-21

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix defrag path triggering jbd2 ASSERT code path: ocfs2_ioctl_move_extents ocfs2_move_extents ocfs2_defrag_extent __ocfs2_move_extent + ocfs2_journal_access_di + ocfs2_split_extent //sub-paths call jbd2_journal_restart + ocfs2_journal_dirty //crash by jbs2 ASSERT crash stacks: PID: 11297 TASK: ffff974a676dcd00 CPU: 67 COMMAND: "defragfs.ocfs2" #0 [ffffb25d8dad3900] machine_kexec at ffffffff8386fe01 #1 [ffffb25d8dad3958] __crash_kexec at ffffffff8395959d #2 [ffffb25d8dad3a20] crash_kexec at ffffffff8395a45d #3 [ffffb25d8dad3a38] oops_end at ffffffff83836d3f #4 [ffffb25d8dad3a58] do_trap at ffffffff83833205 #5 [ffffb25d8dad3aa0] do_invalid_op at ffffffff83833aa6 #6 [ffffb25d8dad3ac0] invalid_op at ffffffff84200d18 [exception RIP: jbd2_journal_dirty_metadata+0x2ba] RIP: ffffffffc09ca54a RSP: ffffb25d8dad3b70 RFLAGS: 00010207 RAX: 0000000000000000 RBX: ffff9706eedc5248 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffff97337029ea28 RDI: ffff9706eedc5250 RBP: ffff9703c3520200 R8: 000000000f46b0b2 R9: 0000000000000000 R10: 0000000000000001 R11: 00000001000000fe R12: ffff97337029ea28 R13: 0000000000000000 R14: ffff9703de59bf60 R15: ffff9706eedc5250 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #7 [ffffb25d8dad3ba8] ocfs2_journal_dirty at ffffffffc137fb95 [ocfs2] #8 [ffffb25d8dad3be8] __ocfs2_move_extent at ffffffffc139a950 [ocfs2] #9 [ffffb25d8dad3c80] ocfs2_defrag_extent at ffffffffc139b2d2 [ocfs2] Analysis This bug has the same root cause of 'commit 7f27ec978b0e ("ocfs2: call ocfs2_journal_access_di() before ocfs2_journal_dirty() in ocfs2_write_end_nolock()")'. For this bug, jbd2_journal_restart() is called by ocfs2_split_extent() during defragmenting. How to fix For ocfs2_split_extent() can handle journal operations totally by itself. Caller doesn't need to call journal access/dirty pair, and caller only needs to call journal start/stop pair. The fix method is to remove journal access/dirty from __ocfs2_move_extent(). The discussion for this patch: https://oss.oracle.com/pipermail/ocfs2-devel/2023-February/000647.html
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-04
Last Modified
2026-03-21
Generated
2026-05-07
AI Q&A
2025-10-04
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53564
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 4.15 (inc) to 4.19.276 (exc)
linux linux_kernel From 4.20 (inc) to 5.4.235 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.173 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.99 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.16 (exc)
linux linux_kernel From 6.2 (inc) to 6.2.3 (exc)
linux linux_kernel From 3.0 (inc) to 4.14.308 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a bug in the Linux kernel's ocfs2 filesystem related to defragmentation. Specifically, during the defragmentation process, a function called ocfs2_split_extent improperly calls jbd2_journal_restart, which leads to an assertion failure in the journaling layer (jbd2). The root cause is that the caller function __ocfs2_move_extent incorrectly calls journal access/dirty operations that ocfs2_split_extent already handles internally. This results in a crash due to a failed assertion in the journaling code.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash when performing defragmentation operations on the ocfs2 filesystem. The crash is due to an assertion failure in the journaling subsystem, which can lead to system instability or downtime during filesystem defragmentation.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been fixed by removing the journal access/dirty calls from __ocfs2_move_extent() and ensuring ocfs2_split_extent() handles journal operations correctly by itself. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix. There are no specific immediate commands or workarounds provided.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart