
CVE-2023-53100: Vulnerability in Linux Linux

Severity: High
Published: Fri May 02 2025 (05/02/2025, 15:55:43 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix WARNING in ext4_update_inline_data

Syzbot found the following issue:

EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none.
fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5071 at mm/page_alloc.c:5525 __alloc_pages+0x30a/0x560 mm/page_alloc.c:5525
Modules linked in:
CPU: 1 PID: 5071 Comm: syz-executor263 Not tainted 6.2.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:__alloc_pages+0x30a/0x560 mm/page_alloc.c:5525
RSP: 0018:ffffc90003c2f1c0 EFLAGS: 00010246
RAX: ffffc90003c2f220 RBX: 0000000000000014 RCX: 0000000000000000
RDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc90003c2f248
RBP: ffffc90003c2f2d8 R08: dffffc0000000000 R09: ffffc90003c2f220
R10: fffff52000785e49 R11: 1ffff92000785e44 R12: 0000000000040d40
R13: 1ffff92000785e40 R14: dffffc0000000000 R15: 1ffff92000785e3c
FS:  0000555556c0d300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f95d5e04138 CR3: 00000000793aa000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __alloc_pages_node include/linux/gfp.h:237 [inline]
 alloc_pages_node include/linux/gfp.h:260 [inline]
 __kmalloc_large_node+0x95/0x1e0 mm/slab_common.c:1113
 __do_kmalloc_node mm/slab_common.c:956 [inline]
 __kmalloc+0xfe/0x190 mm/slab_common.c:981
 kmalloc include/linux/slab.h:584 [inline]
 kzalloc include/linux/slab.h:720 [inline]
 ext4_update_inline_data+0x236/0x6b0 fs/ext4/inline.c:346
 ext4_update_inline_dir fs/ext4/inline.c:1115 [inline]
 ext4_try_add_inline_entry+0x328/0x990 fs/ext4/inline.c:1307
 ext4_add_entry+0x5a4/0xeb0 fs/ext4/namei.c:2385
 ext4_add_nondir+0x96/0x260 fs/ext4/namei.c:2772
 ext4_create+0x36c/0x560 fs/ext4/namei.c:2817
 lookup_open fs/namei.c:3413 [inline]
 open_last_lookups fs/namei.c:3481 [inline]
 path_openat+0x12ac/0x2dd0 fs/namei.c:3711
 do_filp_open+0x264/0x4f0 fs/namei.c:3741
 do_sys_openat2+0x124/0x4e0 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_openat fs/open.c:1342 [inline]
 __se_sys_openat fs/open.c:1337 [inline]
 __x64_sys_openat+0x243/0x290 fs/open.c:1337
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

The above issue happens as follows:

ext4_iget
  ext4_find_inline_data_nolock
    -> i_inline_off=164 i_inline_size=60
ext4_try_add_inline_entry
  __ext4_mark_inode_dirty
    ext4_expand_extra_isize_ea
      -> i_extra_isize=32 s_want_extra_isize=44
      ext4_xattr_shift_entries
      -> after the shift i_inline_off is incorrect; it has actually changed to 176
ext4_try_add_inline_entry
  ext4_update_inline_dir
    get_max_inline_xattr_value_size
      if (EXT4_I(inode)->i_inline_off)
        entry = (struct ext4_xattr_entry *)((void *)raw_inode + EXT4_I(inode)->i_inline_off);
        free += EXT4_XATTR_SIZE(le32_to_cpu(entry->e_value_size));
      -> as entry is incorrect, 'free' may be negative
    ext4_update_inline_data
      value = kzalloc(len, GFP_NOFS);
      -> len is unsigned int and may be very large, which triggers the warning in 'kzalloc()'

To resolve the above issue we need to update 'i_inline_off' after 'ext4_xattr_shift_entries()'. We do not need to set the EXT4_STATE_MAY_INLINE_DATA flag here, since ext4_mark_inode_dirty() already sets this flag if needed. Setting EXT4_STATE_MAY_INLINE_DATA when it is needed may trigger a BUG_ON in ext4_writepages().

AI-Powered Analysis

Last updated: 07/01/2025, 04:13:49 UTC

Technical Analysis

CVE-2023-53100 is a vulnerability in the ext4 filesystem implementation of the Linux kernel, in the code path that updates inline data. When the inode's extra space is expanded (ext4_expand_extra_isize_ea), the in-inode extended attribute (xattr) entries are shifted by ext4_xattr_shift_entries(), but the inode's 'i_inline_off' offset is not updated to match. The stale offset makes get_max_inline_xattr_value_size() read the wrong xattr entry, so the computed free space for inline data can become negative. ext4_update_inline_data() then passes that value to kzalloc() as an unsigned length, which can be extremely large; this triggers a kernel warning in __alloc_pages and could lead to memory corruption or instability. The root cause is the failure to update the inline offset after modifying the xattr entries, which leaves the kernel computing allocation sizes from the wrong data during inline data updates. The issue was found by Syzbot, the automated kernel fuzzer, and its report includes the kernel stack trace showing the failure in __alloc_pages and the surrounding memory allocation functions. The fix updates 'i_inline_off' after ext4_xattr_shift_entries() and avoids setting EXT4_STATE_MAY_INLINE_DATA unnecessarily, since doing so can trigger a BUG_ON in ext4_writepages(). The vulnerability affects Linux kernel versions prior to the patch and is relevant to systems using ext4 filesystems with inline data and extended attributes enabled. No exploits are currently reported in the wild, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to Linux-based systems that use the ext4 filesystem with inline data and extended attributes. The impact includes kernel warnings, memory allocation failures, and possible kernel instability or crashes, which could lead to denial of service (DoS) conditions. There is no direct evidence of privilege escalation or remote code execution, but the instability caused by this flaw could disrupt critical services, especially in environments that rely on Linux servers for web hosting, cloud infrastructure, or enterprise applications. Given the widespread use of Linux in European data centers, cloud providers, and government infrastructure, the vulnerability could affect the availability and reliability of services. Systems running customized or older Linux kernels without the patch are at higher risk. The lack of known exploits reduces the immediate threat but does not eliminate the risk of future exploitation, especially in targeted attacks against high-value infrastructure. Organizations with strict uptime requirements or those operating critical infrastructure should prioritize patching to avoid unexpected service interruptions.

Mitigation Recommendations

European organizations should implement the following specific mitigation steps:

1) Identify all Linux systems using ext4 filesystems, particularly those with inline data and extended attribute features enabled.
2) Verify kernel versions and apply the official Linux kernel patches that address CVE-2023-53100 as soon as they become available.
3) For systems where immediate patching is not feasible, consider temporarily disabling inline data features or extended attributes if possible, to reduce exposure.
4) Monitor kernel logs for warnings related to ext4_update_inline_data or __alloc_pages to detect potential exploitation attempts or instability.
5) Employ rigorous testing of kernel updates in staging environments to ensure stability before production deployment.
6) Maintain updated backups and disaster recovery plans to mitigate potential service disruptions caused by kernel crashes.
7) Engage with Linux distribution vendors for timely security updates and advisories.
8) For cloud environments, coordinate with providers to ensure underlying host kernels are patched promptly.

These targeted actions go beyond generic advice by focusing on ext4 inline data usage and kernel log monitoring specific to this vulnerability.
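Mitigation step 4 asks for kernel-log monitoring. The following is an added example, not part of this advisory or of the kernel project: a small Python detector that splits a dmesg-style buffer into WARNING blocks and flags those whose call trace passes through the ext4 inline-data functions named in the description. The log excerpt is constructed for the example, and the function names (split_oops_blocks, classify_block, find_inline_data_warnings) are this example's own.

```python
import re

# Constructed kernel ring-buffer excerpt (not from a real host): the first block
# mirrors the syzbot WARNING quoted in the description, the second is unrelated noise.
SAMPLE_DMESG = """\
[12.001] ------------[ cut here ]------------
[12.002] WARNING: CPU: 0 PID: 5071 at mm/page_alloc.c:5525 __alloc_pages+0x30a/0x560 mm/page_alloc.c:5525
[12.002] Call Trace:
[12.002]  ext4_update_inline_data+0x236/0x6b0 fs/ext4/inline.c:346
[12.002]  ext4_try_add_inline_entry+0x328/0x990 fs/ext4/inline.c:1307
[12.003] ---[ end trace 0000000000000000 ]---
[30.500] ------------[ cut here ]------------
[30.500] WARNING: CPU: 2 PID: 777 at drivers/example/dummy.c:42 dummy_fn+0x1a/0x2b
[30.501] ---[ end trace 0000000000000000 ]---
"""

WARN_RE = re.compile(r"WARNING: CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) at (?P<site>\S+)")
# Frames taken from the call trace in the CVE description.
EXT4_FRAME_RE = re.compile(
    r"\b(ext4_update_inline_data|ext4_update_inline_dir|ext4_try_add_inline_entry)\b")


def split_oops_blocks(lines):
    # Group the lines between each 'cut here' and 'end trace' marker into one block.
    blocks, current = [], None
    for line in lines:
        if "[ cut here ]" in line:
            current = []
        elif current is not None:
            current.append(line)
            if "end trace" in line:
                blocks.append(current)
                current = None
    if current:  # block truncated at the end of the buffer: keep what we have
        blocks.append(current)
    return blocks


def classify_block(block):
    # A finding is a WARNING whose trace passes through the ext4 inline-data path.
    header = next((m for line in block if (m := WARN_RE.search(line))), None)
    frames = [m.group(1) for line in block if (m := EXT4_FRAME_RE.search(line))]
    if header is None or not frames:
        return None
    return {"cpu": int(header["cpu"]), "pid": int(header["pid"]), "site": header["site"],
            # The CVE's signature is the page allocator's size check firing.
            "alloc_warn": header["site"].startswith("mm/page_alloc.c"), "ext4_frames": frames}


def find_inline_data_warnings(text):
    return [f for f in map(classify_block, split_oops_blocks(text.splitlines())) if f]
```

Feed it the output of `dmesg` or `journalctl -k` in the same way; a hit with alloc_warn set is the signature from the description, while a hit without it still merits a look at the inline-data path.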


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-05-02T15:51:43.553Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9830c4522896dcbe6fa9

Added to database: 5/21/2025, 9:09:04 AM

Last enriched: 7/1/2025, 4:13:49 AM

Last updated: 8/17/2025, 1:12:13 AM

Views: 14

