CVE-2023-53695 (GCVE-0-2023-53695)

Vulnerability from cvelistv5 – Published: 2025-10-22 13:23 – Updated: 2026-01-05 10:32
VLAI?
Title
udf: Detect system inodes linked into directory hierarchy
Summary
In the Linux kernel, the following vulnerability has been resolved: udf: Detect system inodes linked into directory hierarchy When UDF filesystem is corrupted, hidden system inodes can be linked into directory hierarchy which is an avenue for further serious corruption of the filesystem and kernel confusion as noticed by syzbot fuzzed images. Refuse to access system inodes linked into directory hierarchy and vice versa.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 6174c2eb8ecef271159bdcde460ce8af54d8f72f , < 1dc71eeb198a8daa17d0c995998a53b0b749a158 (git)
Affected: 6174c2eb8ecef271159bdcde460ce8af54d8f72f , < d747b31e2925a2f384e7dd1901a2e5bc5f984ed8 (git)
Affected: 6174c2eb8ecef271159bdcde460ce8af54d8f72f , < a44ec34b90440ada190924f5908b97026504fdcd (git)
Affected: 6174c2eb8ecef271159bdcde460ce8af54d8f72f , < 37e74003d81e79457535cbbdfa1603431c03fac0 (git)
Affected: 6174c2eb8ecef271159bdcde460ce8af54d8f72f , < 1f328751b65c49c13a312d67a3bf27766b85baf7 (git)
Affected: 6174c2eb8ecef271159bdcde460ce8af54d8f72f , < 9e3b5ef7d02eaa6553e79b4af9bd99227280f245 (git)
Affected: 6174c2eb8ecef271159bdcde460ce8af54d8f72f , < 85a37983ec69cc9fcd188bc37c4de15ee326355a (git)
Affected: 801c7a20d255e300ab51a6fcb1d0e218d136b16f (git)
Create a notification for this product.
    Linux Linux Affected: 3.18
Unaffected: 0 , < 3.18 (semver)
Unaffected: 4.19.278 , ≤ 4.19.* (semver)
Unaffected: 5.4.235 , ≤ 5.4.* (semver)
Unaffected: 5.10.173 , ≤ 5.10.* (semver)
Unaffected: 5.15.99 , ≤ 5.15.* (semver)
Unaffected: 6.1.16 , ≤ 6.1.* (semver)
Unaffected: 6.2.3 , ≤ 6.2.* (semver)
Unaffected: 6.3 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/udf/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1dc71eeb198a8daa17d0c995998a53b0b749a158",
              "status": "affected",
              "version": "6174c2eb8ecef271159bdcde460ce8af54d8f72f",
              "versionType": "git"
            },
            {
              "lessThan": "d747b31e2925a2f384e7dd1901a2e5bc5f984ed8",
              "status": "affected",
              "version": "6174c2eb8ecef271159bdcde460ce8af54d8f72f",
              "versionType": "git"
            },
            {
              "lessThan": "a44ec34b90440ada190924f5908b97026504fdcd",
              "status": "affected",
              "version": "6174c2eb8ecef271159bdcde460ce8af54d8f72f",
              "versionType": "git"
            },
            {
              "lessThan": "37e74003d81e79457535cbbdfa1603431c03fac0",
              "status": "affected",
              "version": "6174c2eb8ecef271159bdcde460ce8af54d8f72f",
              "versionType": "git"
            },
            {
              "lessThan": "1f328751b65c49c13a312d67a3bf27766b85baf7",
              "status": "affected",
              "version": "6174c2eb8ecef271159bdcde460ce8af54d8f72f",
              "versionType": "git"
            },
            {
              "lessThan": "9e3b5ef7d02eaa6553e79b4af9bd99227280f245",
              "status": "affected",
              "version": "6174c2eb8ecef271159bdcde460ce8af54d8f72f",
              "versionType": "git"
            },
            {
              "lessThan": "85a37983ec69cc9fcd188bc37c4de15ee326355a",
              "status": "affected",
              "version": "6174c2eb8ecef271159bdcde460ce8af54d8f72f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "801c7a20d255e300ab51a6fcb1d0e218d136b16f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/udf/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.18"
            },
            {
              "lessThan": "3.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.278",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.235",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.173",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.99",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.16",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.17.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Detect system inodes linked into directory hierarchy\n\nWhen UDF filesystem is corrupted, hidden system inodes can be linked\ninto directory hierarchy which is an avenue for further serious\ncorruption of the filesystem and kernel confusion as noticed by syzbot\nfuzzed images. Refuse to access system inodes linked into directory\nhierarchy and vice versa."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:32:26.458Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1dc71eeb198a8daa17d0c995998a53b0b749a158"
        },
        {
          "url": "https://git.kernel.org/stable/c/d747b31e2925a2f384e7dd1901a2e5bc5f984ed8"
        },
        {
          "url": "https://git.kernel.org/stable/c/a44ec34b90440ada190924f5908b97026504fdcd"
        },
        {
          "url": "https://git.kernel.org/stable/c/37e74003d81e79457535cbbdfa1603431c03fac0"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f328751b65c49c13a312d67a3bf27766b85baf7"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e3b5ef7d02eaa6553e79b4af9bd99227280f245"
        },
        {
          "url": "https://git.kernel.org/stable/c/85a37983ec69cc9fcd188bc37c4de15ee326355a"
        }
      ],
      "title": "udf: Detect system inodes linked into directory hierarchy",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53695",
    "datePublished": "2025-10-22T13:23:36.524Z",
    "dateReserved": "2025-10-22T13:21:37.344Z",
    "dateUpdated": "2026-01-05T10:32:26.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-53695\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-10-22T14:15:44.000\",\"lastModified\":\"2025-10-22T21:12:48.953\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nudf: Detect system inodes linked into directory hierarchy\\n\\nWhen UDF filesystem is corrupted, hidden system inodes can be linked\\ninto directory hierarchy which is an avenue for further serious\\ncorruption of the filesystem and kernel confusion as noticed by syzbot\\nfuzzed images. Refuse to access system inodes linked into directory\\nhierarchy and vice versa.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1dc71eeb198a8daa17d0c995998a53b0b749a158\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1f328751b65c49c13a312d67a3bf27766b85baf7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/37e74003d81e79457535cbbdfa1603431c03fac0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/85a37983ec69cc9fcd188bc37c4de15ee326355a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9e3b5ef7d02eaa6553e79b4af9bd99227280f245\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a44ec34b90440ada190924f5908b97026504fdcd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d747b31e2925a2f384e7dd1901a2e5bc5f984ed8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}