CVE-2023-53081

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-53081

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page, ocfs2_write_end_nolock() just zeroes out and dirties the page. This can leave dirty page beyond EOF and if page writeback tries to write this page before write succeeds and expands i_size, page gets into inconsistent state where page dirty bit is clear but buffer dirty bits stay set resulting in page data never getting written and so data copied to the page is lost. Fix the problem by invalidating page beyond EOF after failed write.

References
Link Resource
https://git.kernel.org/stable/c/1629f6f522b2d058019710466a84b240683bbee3 Patch
https://git.kernel.org/stable/c/205759c6c18f54659b0b5976b14a52d1b3eb9f57 Patch
https://git.kernel.org/stable/c/47eb055ad3588fc96d34e9e1dd87b210ce62906b Patch
https://git.kernel.org/stable/c/4c24eb49ab44351424ac8fe8567f91ea48a06089 Patch
https://git.kernel.org/stable/c/90410bcf873cf05f54a32183afff0161f44f9715 Patch
https://git.kernel.org/stable/c/91d7a4bd5656552d6259e2d0f8859f9e8cc5ef68 Patch
https://git.kernel.org/stable/c/a9e53869cb43c96d6d851c491fd4e26430ab6ba6 Patch
https://git.kernel.org/stable/c/c26f3ff4c0be590c1250f945ac2e4fc5fcdc5f45 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*
History

12 Nov 2025, 20:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
CPE cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
First Time Linux linux Kernel
Linux
CWE CWE-787
References () https://git.kernel.org/stable/c/1629f6f522b2d058019710466a84b240683bbee3 - () https://git.kernel.org/stable/c/1629f6f522b2d058019710466a84b240683bbee3 - Patch
References () https://git.kernel.org/stable/c/205759c6c18f54659b0b5976b14a52d1b3eb9f57 - () https://git.kernel.org/stable/c/205759c6c18f54659b0b5976b14a52d1b3eb9f57 - Patch
References () https://git.kernel.org/stable/c/47eb055ad3588fc96d34e9e1dd87b210ce62906b - () https://git.kernel.org/stable/c/47eb055ad3588fc96d34e9e1dd87b210ce62906b - Patch
References () https://git.kernel.org/stable/c/4c24eb49ab44351424ac8fe8567f91ea48a06089 - () https://git.kernel.org/stable/c/4c24eb49ab44351424ac8fe8567f91ea48a06089 - Patch
References () https://git.kernel.org/stable/c/90410bcf873cf05f54a32183afff0161f44f9715 - () https://git.kernel.org/stable/c/90410bcf873cf05f54a32183afff0161f44f9715 - Patch
References () https://git.kernel.org/stable/c/91d7a4bd5656552d6259e2d0f8859f9e8cc5ef68 - () https://git.kernel.org/stable/c/91d7a4bd5656552d6259e2d0f8859f9e8cc5ef68 - Patch
References () https://git.kernel.org/stable/c/a9e53869cb43c96d6d851c491fd4e26430ab6ba6 - () https://git.kernel.org/stable/c/a9e53869cb43c96d6d851c491fd4e26430ab6ba6 - Patch
References () https://git.kernel.org/stable/c/c26f3ff4c0be590c1250f945ac2e4fc5fcdc5f45 - () https://git.kernel.org/stable/c/c26f3ff4c0be590c1250f945ac2e4fc5fcdc5f45 - Patch

05 May 2025, 20:54

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: se corrige la corrupción de datos tras una escritura fallida. Cuando una escritura en búfer no copia los datos en la página de caché de la página subyacente, ocfs2_write_end_nolock() simplemente pone a cero y contamina la página. Esto puede dejar una página contaminada más allá del EOF. Si la escritura diferida intenta escribir en esta página antes de que la escritura tenga éxito y expande i_size, la página entra en un estado inconsistente donde el bit de página contaminada se borra, pero los bits de búfer contaminados permanecen activos, lo que resulta en que los datos de la página nunca se escriban y, por lo tanto, se pierdan los datos copiados. Se soluciona el problema invalidando la página más allá del EOF tras una escritura fallida.

02 May 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-02 16:15

Updated : 2025-11-12 20:48

NVD link : CVE-2023-53081

Mitre link : CVE-2023-53081

CVE.ORG link : CVE-2023-53081

JSON object : View

Products Affected

linux

CWE
CWE-787

Out-of-bounds Write