CVE-2023-53777
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: erofs: kill hooked chains to avoid loops on deduplicated compressed images After heavily stressing EROFS with several images which include a hand-crafted image of repeated patterns for more than 46 days, I found two chains could be linked with each other almost simultaneously and form a loop so that the entire loop won't be submitted. As a consequence, the corresponding file pages will remain locked forever. It can be _only_ observed on data-deduplicated compressed images. For example, consider two chains with five pclusters in total: Chain 1: 2->3->4->5 -- The tail pcluster is 5; Chain 2: 5->1->2 -- The tail pcluster is 2. Chain 2 could link to Chain 1 with pcluster 5; and Chain 1 could link to Chain 2 at the same time with pcluster 2. Since hooked chains are all linked locklessly now, I have no idea how to simply avoid the race. Instead, let's avoid hooked chains completely until I could work out a proper way to fix this and end users finally tell us that it's needed to add it back. Actually, this optimization can be found with multi-threaded workloads (especially even more often on deduplicated compressed images), yet I'm not sure about the overall system impacts of not having this compared with implementation complexity.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-05-07
AI Q&A
2025-12-09
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53777
EUVD
EUVD-2023-60129
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's EROFS filesystem when handling data-deduplicated compressed images. Specifically, two chains of pclusters can link to each other simultaneously, forming a loop. This loop prevents the entire chain from being submitted, causing the corresponding file pages to remain locked indefinitely. This issue arises under heavy stress with multi-threaded workloads on deduplicated compressed images, leading to locked file pages due to looped hooked chains.


How can this vulnerability impact me? :

The vulnerability can cause file pages to remain locked forever, which may lead to system resource exhaustion or degraded system performance. This happens because the looped chains prevent proper submission and release of file pages, potentially affecting system stability when using deduplicated compressed images under heavy multi-threaded workloads.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, avoid using data-deduplicated compressed images that trigger the hooked chains issue. Since the problem arises from hooked chains causing loops and locked file pages, disabling or avoiding the use of this optimization until a proper fix is available is recommended.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart