CVE-2023-53035: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()

The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a metadata array to/from user space, may copy uninitialized buffer regions to user space memory for read-only ioctl commands NILFS_IOCTL_GET_SUINFO and NILFS_IOCTL_GET_CPINFO.

This can occur when the element size of the user space metadata given by the v_size member of the argument nilfs_argv structure is larger than the size of the metadata element (nilfs_suinfo structure or nilfs_cpinfo structure) on the file system side.

KMSAN-enabled kernels detect this issue as follows:

BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xc0/0x100 lib/usercopy.c:33
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 _copy_to_user+0xc0/0x100 lib/usercopy.c:33
 copy_to_user include/linux/uaccess.h:169 [inline]
 nilfs_ioctl_wrap_copy+0x6fa/0xc10 fs/nilfs2/ioctl.c:99
 nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]
 nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290
 nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343
 __do_compat_sys_ioctl fs/ioctl.c:968 [inline]
 __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910
 __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
 __alloc_pages+0x9f6/0xe90 mm/page_alloc.c:5572
 alloc_pages+0xab0/0xd80 mm/mempolicy.c:2287
 __get_free_pages+0x34/0xc0 mm/page_alloc.c:5599
 nilfs_ioctl_wrap_copy+0x223/0xc10 fs/nilfs2/ioctl.c:74
 nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]
 nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290
 nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343
 __do_compat_sys_ioctl fs/ioctl.c:968 [inline]
 __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910
 __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Bytes 16-127 of 3968 are uninitialized
...

This eliminates the leak issue by initializing the page allocated as buffer using get_zeroed_page().
AI Analysis
Technical Summary
CVE-2023-53035 is a vulnerability identified in the Linux kernel's NILFS2 (New Implementation of a Log-structured File System) subsystem. The flaw exists in the ioctl helper function nilfs_ioctl_wrap_copy(), which is responsible for exchanging metadata arrays between kernel space and user space. Specifically, the vulnerability arises when the user-space metadata element size (v_size) provided in the nilfs_argv structure is larger than the corresponding metadata element size on the file system side (either the nilfs_suinfo or the nilfs_cpinfo structure). Under these conditions, the function may copy uninitialized kernel memory regions to user space during the read-only ioctl commands NILFS_IOCTL_GET_SUINFO and NILFS_IOCTL_GET_CPINFO. This results in an information leak, exposing potentially sensitive kernel memory contents to unprivileged users. The issue was detected by Kernel Memory Sanitizer (KMSAN) instrumentation, which flagged kernel-infoleak errors during the copy_to_user operation. The root cause is that the buffer page allocated for copying metadata was not zero-initialized, so the bytes between the end of each file-system-side element and the end of each v_size-sized slot were never written before being copied out. The fix initializes the allocated buffer page with get_zeroed_page(), ensuring no uninitialized kernel memory is leaked to user space. This vulnerability affects Linux kernel versions prior to the fix that contain the vulnerable nilfs_ioctl_wrap_copy() code and is relevant to systems using the NILFS2 file system. No known exploits are reported in the wild as of the publication date. No CVSS score has been assigned to this vulnerability yet.
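The following user-space C program is an added illustration written for this page; it is not kernel code and not the nilfs2 project's own. It models the batch copy that nilfs_ioctl_wrap_copy() performs through a one-page scratch buffer: a stand-in element structure (struct fs_elem, assumed to have the same 16-byte layout as nilfs_suinfo) is written at every v_size stride, and the whole nr * v_size region is then handed to the caller, as copy_to_user() would. Stale page contents are simulated by prefilling the page with a marker byte, so the program can count how many never-written bytes reach the caller with an unzeroed page (the __get_free_pages() path from the trace) versus a zeroed page (the get_zeroed_page() fix). The constructed parameters v_size = 128 and 31 elements reproduce the geometry of the KMSAN report above, where 31 * 128 = 3968 and the bytes from offset 16 to 127 of each slot are uninitialized.

```c
/*
 * Added illustration of the CVE-2023-53035 infoleak pattern (not kernel code).
 * Assumptions: struct fs_elem stands in for nilfs_suinfo/nilfs_cpinfo,
 * v_size is the caller-supplied element stride from nilfs_argv, and a stale
 * page is simulated by prefilling with STALE_BYTE.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SZ    4096u
#define STALE_BYTE 0xAA

struct fs_elem {            /* constructed stand-in, 16 bytes like nilfs_suinfo */
    uint64_t lastmod;
    uint32_t nblocks;
    uint32_t flags;
};

/* Simulates __get_free_pages(): the page still holds a previous user's data. */
static void *alloc_page_stale(void)
{
    void *p = malloc(PAGE_SZ);
    if (p)
        memset(p, STALE_BYTE, PAGE_SZ);
    return p;
}

/* Simulates get_zeroed_page(): the upstream fix. */
static void *alloc_page_zeroed(void)
{
    return calloc(1, PAGE_SZ);
}

/*
 * Stand-in for the per-command "dofunc": writes one struct fs_elem at each
 * v_size stride and leaves the rest of every stride untouched. That tail is
 * exactly what leaks when v_size > sizeof(struct fs_elem). Returns the
 * number of elements written.
 */
static size_t fill_elems(void *buf, size_t v_size, size_t maxmembs)
{
    unsigned char *p = buf;
    for (size_t i = 0; i < maxmembs; i++) {
        struct fs_elem e = { .lastmod = 1000 + i, .nblocks = (uint32_t)i, .flags = 1 };
        memcpy(p + i * v_size, &e, sizeof e);
    }
    return maxmembs;
}

/*
 * Models one batch of nilfs_ioctl_wrap_copy(): allocate the page, fill
 * elements at stride v_size, copy nr * v_size bytes out (the copy_to_user
 * step), then count bytes in the output that were never written and still
 * carry the stale marker. 0 means no uninitialized data escaped.
 * Returns (size_t)-1 for a v_size outside [sizeof(struct fs_elem), PAGE_SZ]
 * or on allocation failure.
 */
static size_t wrap_copy_leak_bytes(size_t v_size, size_t nmembs, int use_zeroed_page)
{
    if (v_size < sizeof(struct fs_elem) || v_size > PAGE_SZ)
        return (size_t)-1;
    size_t maxmembs = PAGE_SZ / v_size;
    if (nmembs > maxmembs)
        nmembs = maxmembs;            /* a single batch is enough for the demo */

    void *page = use_zeroed_page ? alloc_page_zeroed() : alloc_page_stale();
    unsigned char *out = malloc(PAGE_SZ);     /* plays the user-space buffer */
    if (!page || !out) {
        free(page);
        free(out);
        return (size_t)-1;
    }

    size_t nr = fill_elems(page, v_size, nmembs);
    memcpy(out, page, nr * v_size);           /* what copy_to_user() would send */

    size_t leaked = 0;
    for (size_t i = 0; i < nr; i++)
        for (size_t off = sizeof(struct fs_elem); off < v_size; off++)
            if (out[i * v_size + off] == STALE_BYTE)
                leaked++;

    free(page);
    free(out);
    return leaked;
}

int main(void)
{
    size_t v_size = 128, n = 31;   /* mirrors "Bytes 16-127 of 3968" in the report */
    printf("v_size=%zu nmembs=%zu: stale bytes reaching user space: "
           "%zu with an unzeroed page, %zu with get_zeroed_page()\n",
           v_size, n,
           wrap_copy_leak_bytes(v_size, n, 0),
           wrap_copy_leak_bytes(v_size, n, 1));
    return 0;
}
```

With the unzeroed page, every slot leaks v_size minus sizeof(struct fs_elem) bytes of whatever the page held before; with the zeroed page the same copy sends only zeros in those gaps, which is the whole effect of the one-line upstream fix. When v_size equals the element size there is no gap and nothing leaks on either path, matching the description's condition that the bug needs v_size larger than the file-system-side element.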
Potential Impact
For European organizations, the impact of CVE-2023-53035 primarily concerns confidentiality risks due to kernel memory information leakage. Although this vulnerability does not directly allow privilege escalation or code execution, leaking kernel memory can expose sensitive data such as kernel pointers, internal kernel data structures, or other metadata that could aid attackers in crafting further attacks or bypassing security mechanisms like Kernel Address Space Layout Randomization (KASLR). Organizations running Linux servers or workstations with NILFS2 file systems are at risk. NILFS2 is less commonly used than other file systems like ext4 or XFS but is favored in some niche environments requiring continuous snapshotting and log-structured file system features. European enterprises in sectors such as research, telecommunications, or specialized storage infrastructures might employ NILFS2. The vulnerability requires local access to invoke the ioctl commands, so the threat surface is limited to users or processes with local system access. However, in multi-tenant or shared environments, this could allow unprivileged users to glean kernel memory contents, potentially facilitating privilege escalation or targeted attacks. The absence of known exploits reduces immediate risk, but the vulnerability's presence in the Linux kernel mandates timely patching to prevent information disclosure that could be leveraged in multi-stage attacks.
Mitigation Recommendations
1. Apply the official Linux kernel patches that initialize the buffer with get_zeroed_page() as soon as they become available for your distribution or kernel version.
2. If immediate patching is not feasible, restrict local user access to systems running NILFS2 file systems to trusted personnel only, minimizing the risk of exploitation.
3. Monitor and audit usage of ioctl commands related to NILFS2, particularly NILFS_IOCTL_GET_SUINFO and NILFS_IOCTL_GET_CPINFO, to detect unusual or unauthorized invocations.
4. Consider disabling or avoiding the use of NILFS2 file systems on critical systems unless required, migrating data to more commonly used and actively maintained file systems with fewer known vulnerabilities.
5. Employ kernel hardening and memory protection mechanisms such as KASLR and Kernel Page Table Isolation (KPTI) to reduce the impact of potential information leaks.
6. Maintain up-to-date system monitoring and intrusion detection to identify suspicious local activity that could indicate attempts to exploit this or related vulnerabilities.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-03-27T16:40:15.763Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9830c4522896dcbe6d9b
Added to database: 5/21/2025, 9:09:04 AM
Last enriched: 7/1/2025, 3:26:44 AM
Last updated: 7/29/2025, 3:20:32 AM