CVE-2023-53564 (GCVE-0-2023-53564)

Vulnerability from cvelistv5 – Published: 2025-10-04 15:17 – Updated: 2026-01-05 10:21
VLAI?
Title
ocfs2: fix defrag path triggering jbd2 ASSERT
Summary
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix defrag path triggering jbd2 ASSERT code path: ocfs2_ioctl_move_extents ocfs2_move_extents ocfs2_defrag_extent __ocfs2_move_extent + ocfs2_journal_access_di + ocfs2_split_extent //sub-paths call jbd2_journal_restart + ocfs2_journal_dirty //crash by jbs2 ASSERT crash stacks: PID: 11297 TASK: ffff974a676dcd00 CPU: 67 COMMAND: "defragfs.ocfs2" #0 [ffffb25d8dad3900] machine_kexec at ffffffff8386fe01 #1 [ffffb25d8dad3958] __crash_kexec at ffffffff8395959d #2 [ffffb25d8dad3a20] crash_kexec at ffffffff8395a45d #3 [ffffb25d8dad3a38] oops_end at ffffffff83836d3f #4 [ffffb25d8dad3a58] do_trap at ffffffff83833205 #5 [ffffb25d8dad3aa0] do_invalid_op at ffffffff83833aa6 #6 [ffffb25d8dad3ac0] invalid_op at ffffffff84200d18 [exception RIP: jbd2_journal_dirty_metadata+0x2ba] RIP: ffffffffc09ca54a RSP: ffffb25d8dad3b70 RFLAGS: 00010207 RAX: 0000000000000000 RBX: ffff9706eedc5248 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffff97337029ea28 RDI: ffff9706eedc5250 RBP: ffff9703c3520200 R8: 000000000f46b0b2 R9: 0000000000000000 R10: 0000000000000001 R11: 00000001000000fe R12: ffff97337029ea28 R13: 0000000000000000 R14: ffff9703de59bf60 R15: ffff9706eedc5250 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #7 [ffffb25d8dad3ba8] ocfs2_journal_dirty at ffffffffc137fb95 [ocfs2] #8 [ffffb25d8dad3be8] __ocfs2_move_extent at ffffffffc139a950 [ocfs2] #9 [ffffb25d8dad3c80] ocfs2_defrag_extent at ffffffffc139b2d2 [ocfs2] Analysis This bug has the same root cause of 'commit 7f27ec978b0e ("ocfs2: call ocfs2_journal_access_di() before ocfs2_journal_dirty() in ocfs2_write_end_nolock()")'. For this bug, jbd2_journal_restart() is called by ocfs2_split_extent() during defragmenting. How to fix For ocfs2_split_extent() can handle journal operations totally by itself. Caller doesn't need to call journal access/dirty pair, and caller only needs to call journal start/stop pair. The fix method is to remove journal access/dirty from __ocfs2_move_extent(). The discussion for this patch: https://oss.oracle.com/pipermail/ocfs2-devel/2023-February/000647.html
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 8f603e567aa7a243e68ca48b4f105b990851360f , < 5f43d34a51ed30e6a60f7e59d224a63014fe2cd5 (git)
Affected: 8f603e567aa7a243e68ca48b4f105b990851360f , < 7f3b1c28e2908755fb248d3ee8ff56826f2387db (git)
Affected: 8f603e567aa7a243e68ca48b4f105b990851360f , < 669134a66d37258e1c4a5cfbd5b82f547ae30fca (git)
Affected: 8f603e567aa7a243e68ca48b4f105b990851360f , < 2c559b3ba8e0b9e3c4bb08159a28ccadc698410f (git)
Affected: 8f603e567aa7a243e68ca48b4f105b990851360f , < 33665d1042666f2e5c736a3df1f453e31f030663 (git)
Affected: 8f603e567aa7a243e68ca48b4f105b990851360f , < 8163ea90d89b7012dd1fa4b28edf5db0c641eca7 (git)
Affected: 8f603e567aa7a243e68ca48b4f105b990851360f , < 590507ebabd33cd93324c04f9a5538309a5ba934 (git)
Affected: 8f603e567aa7a243e68ca48b4f105b990851360f , < 60eed1e3d45045623e46944ebc7c42c30a4350f0 (git)
Create a notification for this product.
    Linux Linux Affected: 3.0
Unaffected: 0 , < 3.0 (semver)
Unaffected: 4.14.308 , ≤ 4.14.* (semver)
Unaffected: 4.19.276 , ≤ 4.19.* (semver)
Unaffected: 5.4.235 , ≤ 5.4.* (semver)
Unaffected: 5.10.173 , ≤ 5.10.* (semver)
Unaffected: 5.15.99 , ≤ 5.15.* (semver)
Unaffected: 6.1.16 , ≤ 6.1.* (semver)
Unaffected: 6.2.3 , ≤ 6.2.* (semver)
Unaffected: 6.3 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/move_extents.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5f43d34a51ed30e6a60f7e59d224a63014fe2cd5",
              "status": "affected",
              "version": "8f603e567aa7a243e68ca48b4f105b990851360f",
              "versionType": "git"
            },
            {
              "lessThan": "7f3b1c28e2908755fb248d3ee8ff56826f2387db",
              "status": "affected",
              "version": "8f603e567aa7a243e68ca48b4f105b990851360f",
              "versionType": "git"
            },
            {
              "lessThan": "669134a66d37258e1c4a5cfbd5b82f547ae30fca",
              "status": "affected",
              "version": "8f603e567aa7a243e68ca48b4f105b990851360f",
              "versionType": "git"
            },
            {
              "lessThan": "2c559b3ba8e0b9e3c4bb08159a28ccadc698410f",
              "status": "affected",
              "version": "8f603e567aa7a243e68ca48b4f105b990851360f",
              "versionType": "git"
            },
            {
              "lessThan": "33665d1042666f2e5c736a3df1f453e31f030663",
              "status": "affected",
              "version": "8f603e567aa7a243e68ca48b4f105b990851360f",
              "versionType": "git"
            },
            {
              "lessThan": "8163ea90d89b7012dd1fa4b28edf5db0c641eca7",
              "status": "affected",
              "version": "8f603e567aa7a243e68ca48b4f105b990851360f",
              "versionType": "git"
            },
            {
              "lessThan": "590507ebabd33cd93324c04f9a5538309a5ba934",
              "status": "affected",
              "version": "8f603e567aa7a243e68ca48b4f105b990851360f",
              "versionType": "git"
            },
            {
              "lessThan": "60eed1e3d45045623e46944ebc7c42c30a4350f0",
              "status": "affected",
              "version": "8f603e567aa7a243e68ca48b4f105b990851360f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/move_extents.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "lessThan": "3.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.308",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.276",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.235",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.173",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.99",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.16",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix defrag path triggering jbd2 ASSERT\n\ncode path:\n\nocfs2_ioctl_move_extents\n ocfs2_move_extents\n  ocfs2_defrag_extent\n   __ocfs2_move_extent\n    + ocfs2_journal_access_di\n    + ocfs2_split_extent  //sub-paths call jbd2_journal_restart\n    + ocfs2_journal_dirty //crash by jbs2 ASSERT\n\ncrash stacks:\n\nPID: 11297  TASK: ffff974a676dcd00  CPU: 67  COMMAND: \"defragfs.ocfs2\"\n #0 [ffffb25d8dad3900] machine_kexec at ffffffff8386fe01\n #1 [ffffb25d8dad3958] __crash_kexec at ffffffff8395959d\n #2 [ffffb25d8dad3a20] crash_kexec at ffffffff8395a45d\n #3 [ffffb25d8dad3a38] oops_end at ffffffff83836d3f\n #4 [ffffb25d8dad3a58] do_trap at ffffffff83833205\n #5 [ffffb25d8dad3aa0] do_invalid_op at ffffffff83833aa6\n #6 [ffffb25d8dad3ac0] invalid_op at ffffffff84200d18\n    [exception RIP: jbd2_journal_dirty_metadata+0x2ba]\n    RIP: ffffffffc09ca54a  RSP: ffffb25d8dad3b70  RFLAGS: 00010207\n    RAX: 0000000000000000  RBX: ffff9706eedc5248  RCX: 0000000000000000\n    RDX: 0000000000000001  RSI: ffff97337029ea28  RDI: ffff9706eedc5250\n    RBP: ffff9703c3520200   R8: 000000000f46b0b2   R9: 0000000000000000\n    R10: 0000000000000001  R11: 00000001000000fe  R12: ffff97337029ea28\n    R13: 0000000000000000  R14: ffff9703de59bf60  R15: ffff9706eedc5250\n    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018\n #7 [ffffb25d8dad3ba8] ocfs2_journal_dirty at ffffffffc137fb95 [ocfs2]\n #8 [ffffb25d8dad3be8] __ocfs2_move_extent at ffffffffc139a950 [ocfs2]\n #9 [ffffb25d8dad3c80] ocfs2_defrag_extent at ffffffffc139b2d2 [ocfs2]\n\nAnalysis\n\nThis bug has the same root cause of \u0027commit 7f27ec978b0e (\"ocfs2: call\nocfs2_journal_access_di() before ocfs2_journal_dirty() in\nocfs2_write_end_nolock()\")\u0027.  For this bug, jbd2_journal_restart() is\ncalled by ocfs2_split_extent() during defragmenting.\n\nHow to fix\n\nFor ocfs2_split_extent() can handle journal operations totally by itself. \nCaller doesn\u0027t need to call journal access/dirty pair, and caller only\nneeds to call journal start/stop pair.  The fix method is to remove\njournal access/dirty from __ocfs2_move_extent().\n\nThe discussion for this patch:\nhttps://oss.oracle.com/pipermail/ocfs2-devel/2023-February/000647.html"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:21:19.933Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5f43d34a51ed30e6a60f7e59d224a63014fe2cd5"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f3b1c28e2908755fb248d3ee8ff56826f2387db"
        },
        {
          "url": "https://git.kernel.org/stable/c/669134a66d37258e1c4a5cfbd5b82f547ae30fca"
        },
        {
          "url": "https://git.kernel.org/stable/c/2c559b3ba8e0b9e3c4bb08159a28ccadc698410f"
        },
        {
          "url": "https://git.kernel.org/stable/c/33665d1042666f2e5c736a3df1f453e31f030663"
        },
        {
          "url": "https://git.kernel.org/stable/c/8163ea90d89b7012dd1fa4b28edf5db0c641eca7"
        },
        {
          "url": "https://git.kernel.org/stable/c/590507ebabd33cd93324c04f9a5538309a5ba934"
        },
        {
          "url": "https://git.kernel.org/stable/c/60eed1e3d45045623e46944ebc7c42c30a4350f0"
        }
      ],
      "title": "ocfs2: fix defrag path triggering jbd2 ASSERT",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53564",
    "datePublished": "2025-10-04T15:17:07.114Z",
    "dateReserved": "2025-10-04T15:14:15.923Z",
    "dateUpdated": "2026-01-05T10:21:19.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.