CVE-2023-53511

EPSS 0.03%
Veröffentlicht 01.10.2025 12:15:55
Zuletzt bearbeitet 02.10.2025 19:11:46
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix fget leak when fs don't support nowait buffered read

Heming reported a BUG when using io_uring doing link-cp on ocfs2. [1]

Do the following steps can reproduce this BUG:
mount -t ocfs2 /dev/vdc /mnt/ocfs2
cp testfile /mnt/ocfs2/
./link-cp /mnt/ocfs2/testfile /mnt/ocfs2/testfile.1
umount /mnt/ocfs2

Then umount will fail, and it outputs:
umount: /mnt/ocfs2: target is busy.

While tracing umount, it blames mnt_get_count() not return as expected.
Do a deep investigation for fget()/fput() on related code flow, I've
finally found that fget() leaks since ocfs2 doesn't support nowait
buffered read.

io_issue_sqe
|-io_assign_file  // do fget() first
  |-io_read
  |-io_iter_do_read
    |-ocfs2_file_read_iter  // return -EOPNOTSUPP
  |-kiocb_done
    |-io_rw_done
      |-__io_complete_rw_common  // set REQ_F_REISSUE
    |-io_resubmit_prep
      |-io_req_prep_async  // override req->file, leak happens

This was introduced by commit a196c78b5443 in v5.18. Fix it by don't
re-assign req->file if it has already been assigned.

[1] https://lore.kernel.org/ocfs2-devel/ab580a75-91c8-d68a-3455-40361be1bfa8@linux.alibaba.com/T/#t

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 75a499fc9d66a32271e2b3e4ca71156e8ad3b484

Version a196c78b5443fc61af2c0490213b9d125482cbd1

Status affected

Version < 10fb2e16ee6ffaf1716b9e90d007e6b300bfa457

Version a196c78b5443fc61af2c0490213b9d125482cbd1

Status affected

Version < 54aa7f2330b82884f4a1afce0220add6e8312f8b

Version a196c78b5443fc61af2c0490213b9d125482cbd1

Status affected

Version cef27a7d36026bd3c86f4fdfb4611ebbe2814af4

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.18

Status affected

Version < 5.18

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.16

Status unaffected

Version <= 6.2.*

Version 6.2.3

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.059

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/10fb2e16ee6ffaf1716b9e90d007e6b300bfa457

https://git.kernel.org/stable/c/54aa7f2330b82884f4a1afce0220add6e8312f8b

https://git.kernel.org/stable/c/75a499fc9d66a32271e2b3e4ca71156e8ad3b484

https://nvd.nist.gov/vuln/detail/CVE-2023-53511

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53511

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53511

EUVD