CVE-2023-52622: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G the following WARN_ON is triggered: ================================================================== WARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550 Modules linked in: sg(E) CPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314 RIP: 0010:__alloc_pages+0x411/0x550 Call Trace: <TASK> __kmalloc_large_node+0xa2/0x200 __kmalloc+0x16e/0x290 ext4_resize_fs+0x481/0xd80 __ext4_ioctl+0x1616/0x1d90 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0xf0/0x150 do_syscall_64+0x3b/0x90 ================================================================== This is because flexbg_size is too large and the size of the new_group_data array to be allocated exceeds MAX_ORDER. Currently, the minimum value of MAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding maximum number of groups that can be allocated is: (PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) ≈ 21845 And the value that is down-aligned to the power of 2 is 16384. Therefore, this value is defined as MAX_RESIZE_BG, and the number of groups added each time does not exceed this value during resizing, and is added multiple times to complete the online resizing. The difference is that the metadata in a flex_bg may be more dispersed.
AI Analysis
Technical Summary
CVE-2023-52622 is a vulnerability in the Linux kernel's ext4 filesystem implementation related to online resizing operations when using an oversized flex_bg (flexible block group) size. The ext4 filesystem supports online resizing, allowing the filesystem to be expanded while mounted. However, when the flex_bg_size parameter is set excessively large, the resize2fs tool triggers a kernel warning and potential failure during the allocation of new group metadata structures. Specifically, the issue arises because the allocation size for the new_group_data array exceeds the kernel's MAX_ORDER limit, which restricts the maximum order of pages that can be allocated in a single contiguous block. The kernel's memory allocator cannot fulfill this request, causing a WARN_ON in the __alloc_pages function, which is a sign of a critical memory allocation failure. The vulnerability is triggered by commands such as creating an ext4 filesystem with an extremely large flex_bg_size (e.g., 67108864), mounting it, and then attempting to resize it online to a much larger size (e.g., 16G). The root cause is that the ext4 resize code does not properly limit the number of groups added in one step, leading to oversized allocations. The fix involves defining a MAX_RESIZE_BG value (16384 groups) that limits the number of groups added per resize operation, breaking the resize into multiple smaller steps to avoid exceeding MAX_ORDER. This ensures that metadata allocations remain within kernel limits and prevents the WARN_ON and potential instability during resizing. No known exploits are reported in the wild, and the vulnerability is primarily a stability and denial-of-service risk during filesystem resizing operations. It requires privileged access to perform filesystem resizing and is not triggered by normal filesystem usage or unprivileged users.
Potential Impact
For European organizations, this vulnerability primarily poses a risk to systems running Linux with ext4 filesystems that perform online resizing operations with unusually large flex_bg_size parameters. The impact is mostly limited to system stability and availability during resizing, as the kernel warning indicates a failure in memory allocation that could cause the resize operation to fail or the system to become unstable temporarily. This could lead to denial of service on critical servers or storage systems undergoing maintenance or dynamic resizing, potentially affecting database servers, file servers, or cloud infrastructure nodes that rely on ext4 and dynamic storage management. Since exploitation requires privileged access and specific conditions (oversized flex_bg_size and online resizing), the risk of widespread disruption is moderate. However, organizations with automated or scripted resizing processes that might use large flex_bg_size values could inadvertently trigger this issue, causing operational disruptions. The vulnerability does not directly expose confidentiality or integrity risks but could indirectly impact availability of critical services. European enterprises with large-scale Linux deployments, especially in cloud, hosting, or data center environments, should be aware of this issue to avoid unexpected downtime during filesystem maintenance.
Mitigation Recommendations
1. Avoid using excessively large flex_bg_size values when creating ext4 filesystems. Stick to default or recommended flex_bg_size settings to prevent triggering this condition. 2. Apply the Linux kernel patch that introduces the MAX_RESIZE_BG limit to ensure that online resizing operations are broken into smaller, manageable steps that do not exceed memory allocation limits. 3. Test any automated or manual filesystem resizing procedures in a controlled environment to verify they do not trigger this vulnerability. 4. Monitor kernel logs for WARN_ON messages related to __alloc_pages during resize2fs operations, which could indicate attempts to resize with oversized flex_bg_size. 5. Restrict filesystem resizing operations to trusted administrators and ensure proper change management to prevent accidental misuse. 6. Consider alternative filesystem types or offline resizing if large-scale resizing is required and cannot be safely performed online. 7. Keep Linux kernel versions up to date with security patches and monitor vendor advisories for backported fixes related to ext4 resizing.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2023-52622: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G the following WARN_ON is triggered: ================================================================== WARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550 Modules linked in: sg(E) CPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314 RIP: 0010:__alloc_pages+0x411/0x550 Call Trace: <TASK> __kmalloc_large_node+0xa2/0x200 __kmalloc+0x16e/0x290 ext4_resize_fs+0x481/0xd80 __ext4_ioctl+0x1616/0x1d90 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0xf0/0x150 do_syscall_64+0x3b/0x90 ================================================================== This is because flexbg_size is too large and the size of the new_group_data array to be allocated exceeds MAX_ORDER. Currently, the minimum value of MAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding maximum number of groups that can be allocated is: (PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) ≈ 21845 And the value that is down-aligned to the power of 2 is 16384. Therefore, this value is defined as MAX_RESIZE_BG, and the number of groups added each time does not exceed this value during resizing, and is added multiple times to complete the online resizing. The difference is that the metadata in a flex_bg may be more dispersed.
AI-Powered Analysis
Technical Analysis
CVE-2023-52622 is a vulnerability in the Linux kernel's ext4 filesystem implementation related to online resizing operations when using an oversized flex_bg (flexible block group) size. The ext4 filesystem supports online resizing, allowing the filesystem to be expanded while mounted. However, when the flex_bg_size parameter is set excessively large, the resize2fs tool triggers a kernel warning and potential failure during the allocation of new group metadata structures. Specifically, the issue arises because the allocation size for the new_group_data array exceeds the kernel's MAX_ORDER limit, which restricts the maximum order of pages that can be allocated in a single contiguous block. The kernel's memory allocator cannot fulfill this request, causing a WARN_ON in the __alloc_pages function, which is a sign of a critical memory allocation failure. The vulnerability is triggered by commands such as creating an ext4 filesystem with an extremely large flex_bg_size (e.g., 67108864), mounting it, and then attempting to resize it online to a much larger size (e.g., 16G). The root cause is that the ext4 resize code does not properly limit the number of groups added in one step, leading to oversized allocations. The fix involves defining a MAX_RESIZE_BG value (16384 groups) that limits the number of groups added per resize operation, breaking the resize into multiple smaller steps to avoid exceeding MAX_ORDER. This ensures that metadata allocations remain within kernel limits and prevents the WARN_ON and potential instability during resizing. No known exploits are reported in the wild, and the vulnerability is primarily a stability and denial-of-service risk during filesystem resizing operations. It requires privileged access to perform filesystem resizing and is not triggered by normal filesystem usage or unprivileged users.
Potential Impact
For European organizations, this vulnerability primarily poses a risk to systems running Linux with ext4 filesystems that perform online resizing operations with unusually large flex_bg_size parameters. The impact is mostly limited to system stability and availability during resizing, as the kernel warning indicates a failure in memory allocation that could cause the resize operation to fail or the system to become unstable temporarily. This could lead to denial of service on critical servers or storage systems undergoing maintenance or dynamic resizing, potentially affecting database servers, file servers, or cloud infrastructure nodes that rely on ext4 and dynamic storage management. Since exploitation requires privileged access and specific conditions (oversized flex_bg_size and online resizing), the risk of widespread disruption is moderate. However, organizations with automated or scripted resizing processes that might use large flex_bg_size values could inadvertently trigger this issue, causing operational disruptions. The vulnerability does not directly expose confidentiality or integrity risks but could indirectly impact availability of critical services. European enterprises with large-scale Linux deployments, especially in cloud, hosting, or data center environments, should be aware of this issue to avoid unexpected downtime during filesystem maintenance.
Mitigation Recommendations
1. Avoid using excessively large flex_bg_size values when creating ext4 filesystems. Stick to default or recommended flex_bg_size settings to prevent triggering this condition. 2. Apply the Linux kernel patch that introduces the MAX_RESIZE_BG limit to ensure that online resizing operations are broken into smaller, manageable steps that do not exceed memory allocation limits. 3. Test any automated or manual filesystem resizing procedures in a controlled environment to verify they do not trigger this vulnerability. 4. Monitor kernel logs for WARN_ON messages related to __alloc_pages during resize2fs operations, which could indicate attempts to resize with oversized flex_bg_size. 5. Restrict filesystem resizing operations to trusted administrators and ensure proper change management to prevent accidental misuse. 6. Consider alternative filesystem types or offline resizing if large-scale resizing is required and cannot be safely performed online. 7. Keep Linux kernel versions up to date with security patches and monitor vendor advisories for backported fixes related to ext4 resizing.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-03-06T09:52:12.090Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9831c4522896dcbe7e29
Added to database: 5/21/2025, 9:09:05 AM
Last enriched: 6/30/2025, 8:12:07 AM
Last updated: 8/1/2025, 4:32:42 PM
Views: 10
Related Threats
CVE-2025-33100: CWE-798 Use of Hard-coded Credentials in IBM Concert Software
MediumCVE-2025-33090: CWE-1333 Inefficient Regular Expression Complexity in IBM Concert Software
HighCVE-2025-27909: CWE-942 Permissive Cross-domain Policy with Untrusted Domains in IBM Concert Software
MediumCVE-2025-1759: CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection') in IBM Concert Software
MediumCVE-2025-4962: CWE-284 Improper Access Control in lunary-ai lunary-ai/lunary
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.