CVE-2023-53214

EPSS 0.02%
Published 15.09.2025 14:21:42
Last modified 15.09.2025 15:22:27
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid potential memory corruption in __update_iostat_latency()

Add iotype sanity check to avoid potential memory corruption.
This is to fix the compile error below:

fs/f2fs/iostat.c:231 __update_iostat_latency() error: buffer overflow
'io_lat->peak_lat[type]' 3 <= 3

vim +228 fs/f2fs/iostat.c

  211  static inline void __update_iostat_latency(struct bio_iostat_ctx
	*iostat_ctx,
  212					enum iostat_lat_type type)
  213  {
  214		unsigned long ts_diff;
  215		unsigned int page_type = iostat_ctx->type;
  216		struct f2fs_sb_info *sbi = iostat_ctx->sbi;
  217		struct iostat_lat_info *io_lat = sbi->iostat_io_lat;
  218		unsigned long flags;
  219
  220		if (!sbi->iostat_enable)
  221			return;
  222
  223		ts_diff = jiffies - iostat_ctx->submit_ts;
  224		if (page_type >= META_FLUSH)
                                 ^^^^^^^^^^

  225			page_type = META;
  226
  227		spin_lock_irqsave(&sbi->iostat_lat_lock, flags);
 @228		io_lat->sum_lat[type][page_type] += ts_diff;
                                      ^^^^^^^^^
Mixup between META_FLUSH and NR_PAGE_TYPE leads to memory corruption.

Affected products Warnungen 0 Metrics 1 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < aa4d726af72a21732ce120484e0b1240674a13b3

Version a4b6817625e71d5d4aee16cacf7a7fec077c6dbe

Status affected

Version < 22ddbbff116ee7dce5431feb1c0f36a507d2d68d

Version a4b6817625e71d5d4aee16cacf7a7fec077c6dbe

Status affected

Version < 20b4f3de0f3932f71b4a8daf0671e517a8d98022

Version a4b6817625e71d5d4aee16cacf7a7fec077c6dbe

Status affected

Version < 0dbbf0fb38d5ec5d4138d1aeaeb43d9217b9a592

Version a4b6817625e71d5d4aee16cacf7a7fec077c6dbe

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.100

Status unaffected

Version <= 6.1.*

Version 6.1.18

Status unaffected

Version <= 6.2.*

Version 6.2.5

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/aa4d726af72a21732ce120484e0b1240674a13b3

https://git.kernel.org/stable/c/22ddbbff116ee7dce5431feb1c0f36a507d2d68d

https://git.kernel.org/stable/c/20b4f3de0f3932f71b4a8daf0671e517a8d98022

https://git.kernel.org/stable/c/0dbbf0fb38d5ec5d4138d1aeaeb43d9217b9a592

https://nvd.nist.gov/vuln/detail/CVE-2023-53214

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53214

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53214

EUVD