CVE-2023-53183

EPSS 0.02%
Veröffentlicht 15.09.2025 14:04:35
Zuletzt bearbeitet 02.12.2025 02:56:50
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

btrfs: exit gracefully if reloc roots don't match

[BUG]
Syzbot reported a crash that an ASSERT() got triggered inside
prepare_to_merge().

[CAUSE]
The root cause of the triggered ASSERT() is we can have a race between
quota tree creation and relocation.

This leads us to create a duplicated quota tree in the
btrfs_read_fs_root() path, and since it's treated as fs tree, it would
have ROOT_SHAREABLE flag, causing us to create a reloc tree for it.

The bug itself is fixed by a dedicated patch for it, but this already
taught us the ASSERT() is not something straightforward for
developers.

[ENHANCEMENT]
Instead of using an ASSERT(), let's handle it gracefully and output
extra info about the mismatch reloc roots to help debug.

Also with the above ASSERT() removed, we can trigger ASSERT(0)s inside
merge_reloc_roots() later.
Also replace those ASSERT(0)s with WARN_ON()s.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.15.127

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.46

Linux ≫ Linux Kernel Version >= 6.2 < 6.4.11

Linux ≫ Linux Kernel Version6.5 Updaterc1

Linux ≫ Linux Kernel Version6.5 Updaterc2

Linux ≫ Linux Kernel Version6.5 Updaterc3

Linux ≫ Linux Kernel Version6.5 Updaterc4

Linux ≫ Linux Kernel Version6.5 Updaterc5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.029

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://git.kernel.org/stable/c/69dd147de419b04d1d8d2ca67ef424cddd5b8fd5

Patch

https://git.kernel.org/stable/c/9d04716e36654275aea00fb93fc9b30b850925e7

Patch

https://git.kernel.org/stable/c/a96b6519ac71583835cb46d74bc450de5a13877f

Patch

https://git.kernel.org/stable/c/05d7ce504545f7874529701664c90814ca645c5d

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-53183

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53183

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53183

EUVD