CVE-2023-53804
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can cause use-after-free reads during the unmount process of the nilfs2 file system, potentially leading to system instability, crashes, or memory corruption. This could affect system reliability and security if exploited.
Can you explain this vulnerability to me?
This vulnerability is a use-after-free bug in the Linux kernel's nilfs2 file system. During the unmount process, the nilfs_root structure is freed after detaching its writer, but some cleanup operations still try to use nilfs_root, which can lead to accessing freed memory. This happens if inodes remain in a garbage list and are released during unmount, causing potential memory corruption or crashes.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the nilfs2 use-after-free bug in nilfs_evict_inode() has been fixed. This fix involves modifying nilfs_evict_inode() to avoid use-after-free by only clearing the inode without additional metadata changes when the file system is degraded or the writer is detached. Until the update is applied, avoid unmounting nilfs2 file systems under conditions that may trigger this bug.