FKIE_CVE-2023-53214

Vulnerability from fkie_nvd - Published: 2025-09-15 15:15 - Updated: 2025-12-03 16:26
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential memory corruption in __update_iostat_latency() Add iotype sanity check to avoid potential memory corruption. This is to fix the compile error below: fs/f2fs/iostat.c:231 __update_iostat_latency() error: buffer overflow 'io_lat->peak_lat[type]' 3 <= 3 vim +228 fs/f2fs/iostat.c 211 static inline void __update_iostat_latency(struct bio_iostat_ctx *iostat_ctx, 212 enum iostat_lat_type type) 213 { 214 unsigned long ts_diff; 215 unsigned int page_type = iostat_ctx->type; 216 struct f2fs_sb_info *sbi = iostat_ctx->sbi; 217 struct iostat_lat_info *io_lat = sbi->iostat_io_lat; 218 unsigned long flags; 219 220 if (!sbi->iostat_enable) 221 return; 222 223 ts_diff = jiffies - iostat_ctx->submit_ts; 224 if (page_type >= META_FLUSH) ^^^^^^^^^^ 225 page_type = META; 226 227 spin_lock_irqsave(&sbi->iostat_lat_lock, flags); @228 io_lat->sum_lat[type][page_type] += ts_diff; ^^^^^^^^^ Mixup between META_FLUSH and NR_PAGE_TYPE leads to memory corruption.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0dbbf0fb38d5ec5d4138d1aeaeb43d9217b9a592Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/20b4f3de0f3932f71b4a8daf0671e517a8d98022Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/22ddbbff116ee7dce5431feb1c0f36a507d2d68dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/aa4d726af72a21732ce120484e0b1240674a13b3Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF1ACBDD-FBA9-47FA-957F-2CFD557F3921",
              "versionEndExcluding": "5.15.100",
              "versionStartIncluding": "5.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8D24FD5-5A98-4042-9419-39DCFCBEFFF5",
              "versionEndExcluding": "6.1.18",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0575B33B-A320-4E51-84CA-10C937341E02",
              "versionEndExcluding": "6.2.5",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential memory corruption in __update_iostat_latency()\n\nAdd iotype sanity check to avoid potential memory corruption.\nThis is to fix the compile error below:\n\nfs/f2fs/iostat.c:231 __update_iostat_latency() error: buffer overflow\n\u0027io_lat-\u003epeak_lat[type]\u0027 3 \u003c= 3\n\nvim +228 fs/f2fs/iostat.c\n\n  211  static inline void __update_iostat_latency(struct bio_iostat_ctx\n\t*iostat_ctx,\n  212\t\t\t\t\tenum iostat_lat_type type)\n  213  {\n  214\t\tunsigned long ts_diff;\n  215\t\tunsigned int page_type = iostat_ctx-\u003etype;\n  216\t\tstruct f2fs_sb_info *sbi = iostat_ctx-\u003esbi;\n  217\t\tstruct iostat_lat_info *io_lat = sbi-\u003eiostat_io_lat;\n  218\t\tunsigned long flags;\n  219\n  220\t\tif (!sbi-\u003eiostat_enable)\n  221\t\t\treturn;\n  222\n  223\t\tts_diff = jiffies - iostat_ctx-\u003esubmit_ts;\n  224\t\tif (page_type \u003e= META_FLUSH)\n                                 ^^^^^^^^^^\n\n  225\t\t\tpage_type = META;\n  226\n  227\t\tspin_lock_irqsave(\u0026sbi-\u003eiostat_lat_lock, flags);\n @228\t\tio_lat-\u003esum_lat[type][page_type] += ts_diff;\n                                      ^^^^^^^^^\nMixup between META_FLUSH and NR_PAGE_TYPE leads to memory corruption."
    }
  ],
  "id": "CVE-2023-53214",
  "lastModified": "2025-12-03T16:26:15.690",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-09-15T15:15:48.027",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/0dbbf0fb38d5ec5d4138d1aeaeb43d9217b9a592"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/20b4f3de0f3932f71b4a8daf0671e517a8d98022"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/22ddbbff116ee7dce5431feb1c0f36a507d2d68d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/aa4d726af72a21732ce120484e0b1240674a13b3"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.