CVE-2023-54140
Unknown Unknown - Not Provided

Kernel Warning and Panic in Linux nilfs2 Due to Buffer Reuse

Vulnerability report for CVE-2023-54140, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse A syzbot stress test using a corrupted disk image reported that mark_buffer_dirty() called from __nilfs_mark_inode_dirty() or nilfs_palloc_commit_alloc_entry() may output a kernel warning, and can panic if the kernel is booted with panic_on_warn. This is because nilfs2 keeps buffer pointers in local structures for some metadata and reuses them, but such buffers may be forcibly discarded by nilfs_clear_dirty_page() in some critical situations. This issue is reported to appear after commit 28a65b49eb53 ("nilfs2: do not write dirty data after degenerating to read-only"), but the issue has potentially existed before. Fix this issue by checking the uptodate flag when attempting to reuse an internally held buffer, and reloading the metadata instead of reusing the buffer if the flag was lost.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-07-06
AI Q&A
2025-12-24
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's nilfs2 filesystem where a kernel warning or panic can happen due to reuse of discarded buffer pointers. Specifically, mark_buffer_dirty() called from certain functions may output a warning or cause a kernel panic if the system is configured to panic on warnings. The issue arises because nilfs2 keeps buffer pointers in local structures and reuses them, but these buffers may have been forcibly discarded in some critical situations. The fix involves checking the buffer's uptodate flag before reuse and reloading metadata if the buffer is no longer valid.

Impact Analysis

This vulnerability can cause kernel warnings or system panics when the kernel attempts to reuse discarded buffers in the nilfs2 filesystem. If the kernel is configured with panic_on_warn, this can lead to system crashes, potentially causing downtime or data unavailability.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the nilfs2 issue described. The fix involves checking the uptodate flag when reusing internally held buffers and reloading metadata instead of reusing buffers if the flag was lost. Avoid booting the kernel with panic_on_warn enabled until the fix is applied to prevent kernel panic due to warnings.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54140. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart