Vulnerability-Lookup

GHSA-38RJ-5VP6-WR6C

Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30

Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: flush inode if atomic file is aborted

Let's flush the inode being aborted atomic operation to avoid stale dirty inode during eviction in this call stack:

f2fs_mark_inode_dirty_sync+0x22/0x40 [f2fs] f2fs_abort_atomic_write+0xc4/0xf0 [f2fs] f2fs_evict_inode+0x3f/0x690 [f2fs] ? sugov_start+0x140/0x140 evict+0xc3/0x1c0 evict_inodes+0x17b/0x210 generic_shutdown_super+0x32/0x120 kill_block_super+0x21/0x50 deactivate_locked_super+0x31/0x90 cleanup_mnt+0x100/0x160 task_work_run+0x59/0x90 do_exit+0x33b/0xa50 do_group_exit+0x2d/0x80 __x64_sys_exit_group+0x14/0x20 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd

This triggers f2fs_bug_on() in f2fs_evict_inode: f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE));

This fixes the syzbot report:

loop0: detected capacity change from 0 to 131072 F2FS-fs (loop0): invalid crc value F2FS-fs (loop0): Found nat_bits in checkpoint F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 ------------[ cut here ]------------ kernel BUG at fs/f2fs/inode.c:869! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 5014 Comm: syz-executor220 Not tainted 6.4.0-syzkaller-11479-g6cd06ab12d1a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 RIP: 0010:f2fs_evict_inode+0x172d/0x1e00 fs/f2fs/inode.c:869 Code: ff df 48 c1 ea 03 80 3c 02 00 0f 85 6a 06 00 00 8b 75 40 ba 01 00 00 00 4c 89 e7 e8 6d ce 06 00 e9 aa fc ff ff e8 63 22 e2 fd <0f> 0b e8 5c 22 e2 fd 48 c7 c0 a8 3a 18 8d 48 ba 00 00 00 00 00 fc RSP: 0018:ffffc90003a6fa00 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: ffff8880273b8000 RSI: ffffffff83a2bd0d RDI: 0000000000000007 RBP: ffff888077db91b0 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffff888029a3c000 R13: ffff888077db9660 R14: ffff888029a3c0b8 R15: ffff888077db9c50 FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1909bb9000 CR3: 00000000276a9000 CR4: 0000000000350ef0 Call Trace: evict+0x2ed/0x6b0 fs/inode.c:665 dispose_list+0x117/0x1e0 fs/inode.c:698 evict_inodes+0x345/0x440 fs/inode.c:748 generic_shutdown_super+0xaf/0x480 fs/super.c:478 kill_block_super+0x64/0xb0 fs/super.c:1417 kill_f2fs_super+0x2af/0x3c0 fs/f2fs/super.c:4704 deactivate_locked_super+0x98/0x160 fs/super.c:330 deactivate_super+0xb1/0xd0 fs/super.c:361 cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1254 task_work_run+0x16f/0x270 kernel/task_work.c:179 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0xa9a/0x29a0 kernel/exit.c:874 do_group_exit+0xd4/0x2a0 kernel/exit.c:1024 __do_sys_exit_group kernel/exit.c:1035 [inline] __se_sys_exit_group kernel/exit.c:1033 [inline] __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1033 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f309be71a09 Code: Unable to access opcode bytes at 0x7f309be719df. RSP: 002b:00007fff171df518 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007f309bef7330 RCX: 00007f309be71a09 RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007f309bef1e40 R10: 0000000000010600 R11: 0000000000000246 R12: 00007f309bef7330 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:f2fs_evict_inode+0x172d/0x1e00 fs/f2fs/inode.c:869 Code: ff df 48 c1 ea 03 80 3c 02 00 0f 85 6a 06 00 00 8b 75 40 ba 01 00 00 00 4c 89 e7 e8 6d ce 06 00 e9 aa fc ff ff e8 63 22 e2 fd <0f> 0b e8 5c 22 e2 fd 48 c7 c0 a8 3a 18 8d 48 ba 00 00 00 00 00 fc RSP: 0018:ffffc90003a6fa00 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000 ---truncated---

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-53829"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T16:17:21Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: flush inode if atomic file is aborted\n\nLet\u0027s flush the inode being aborted atomic operation to avoid stale dirty\ninode during eviction in this call stack:\n\n  f2fs_mark_inode_dirty_sync+0x22/0x40 [f2fs]\n  f2fs_abort_atomic_write+0xc4/0xf0 [f2fs]\n  f2fs_evict_inode+0x3f/0x690 [f2fs]\n  ? sugov_start+0x140/0x140\n  evict+0xc3/0x1c0\n  evict_inodes+0x17b/0x210\n  generic_shutdown_super+0x32/0x120\n  kill_block_super+0x21/0x50\n  deactivate_locked_super+0x31/0x90\n  cleanup_mnt+0x100/0x160\n  task_work_run+0x59/0x90\n  do_exit+0x33b/0xa50\n  do_group_exit+0x2d/0x80\n  __x64_sys_exit_group+0x14/0x20\n  do_syscall_64+0x3b/0x90\n  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThis triggers f2fs_bug_on() in f2fs_evict_inode:\n f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE));\n\nThis fixes the syzbot report:\n\nloop0: detected capacity change from 0 to 131072\nF2FS-fs (loop0): invalid crc value\nF2FS-fs (loop0): Found nat_bits in checkpoint\nF2FS-fs (loop0): Mounted with checkpoint version = 48b305e4\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inode.c:869!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 0 PID: 5014 Comm: syz-executor220 Not tainted 6.4.0-syzkaller-11479-g6cd06ab12d1a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nRIP: 0010:f2fs_evict_inode+0x172d/0x1e00 fs/f2fs/inode.c:869\nCode: ff df 48 c1 ea 03 80 3c 02 00 0f 85 6a 06 00 00 8b 75 40 ba 01 00 00 00 4c 89 e7 e8 6d ce 06 00 e9 aa fc ff ff e8 63 22 e2 fd \u003c0f\u003e 0b e8 5c 22 e2 fd 48 c7 c0 a8 3a 18 8d 48 ba 00 00 00 00 00 fc\nRSP: 0018:ffffc90003a6fa00 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff8880273b8000 RSI: ffffffff83a2bd0d RDI: 0000000000000007\nRBP: ffff888077db91b0 R08: 0000000000000007 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff888029a3c000\nR13: ffff888077db9660 R14: ffff888029a3c0b8 R15: ffff888077db9c50\nFS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1909bb9000 CR3: 00000000276a9000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n evict+0x2ed/0x6b0 fs/inode.c:665\n dispose_list+0x117/0x1e0 fs/inode.c:698\n evict_inodes+0x345/0x440 fs/inode.c:748\n generic_shutdown_super+0xaf/0x480 fs/super.c:478\n kill_block_super+0x64/0xb0 fs/super.c:1417\n kill_f2fs_super+0x2af/0x3c0 fs/f2fs/super.c:4704\n deactivate_locked_super+0x98/0x160 fs/super.c:330\n deactivate_super+0xb1/0xd0 fs/super.c:361\n cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1254\n task_work_run+0x16f/0x270 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0xa9a/0x29a0 kernel/exit.c:874\n do_group_exit+0xd4/0x2a0 kernel/exit.c:1024\n __do_sys_exit_group kernel/exit.c:1035 [inline]\n __se_sys_exit_group kernel/exit.c:1033 [inline]\n __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1033\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f309be71a09\nCode: Unable to access opcode bytes at 0x7f309be719df.\nRSP: 002b:00007fff171df518 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 00007f309bef7330 RCX: 00007f309be71a09\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001\nRBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007f309bef1e40\nR10: 0000000000010600 R11: 0000000000000246 R12: 00007f309bef7330\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:f2fs_evict_inode+0x172d/0x1e00 fs/f2fs/inode.c:869\nCode: ff df 48 c1 ea 03 80 3c 02 00 0f 85 6a 06 00 00 8b 75 40 ba 01 00 00 00 4c 89 e7 e8 6d ce 06 00 e9 aa fc ff ff e8 63 22 e2 fd \u003c0f\u003e 0b e8 5c 22 e2 fd 48 c7 c0 a8 3a 18 8d 48 ba 00 00 00 00 00 fc\nRSP: 0018:ffffc90003a6fa00 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000\n---truncated---",
  "id": "GHSA-38rj-5vp6-wr6c",
  "modified": "2025-12-09T18:30:32Z",
  "published": "2025-12-09T18:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53829"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c64dbe8fa3552a340bca6d7fa09468c16ed2a85"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a3ab55746612247ce3dcaac6de66f5ffc055b9df"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bfa7853bb47fee0c17030b377c98cf4ede47ba33"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2023-53829 (GCVE-0-2023-53829)

Vulnerability from cvelistv5 – Published: 2025-12-09 01:29 – Updated: 2025-12-20 08:51

Title

f2fs: flush inode if atomic file is aborted

Summary

In the Linux kernel, the following vulnerability has been resolved: f2fs: flush inode if atomic file is aborted Let's flush the inode being aborted atomic operation to avoid stale dirty inode during eviction in this call stack: f2fs_mark_inode_dirty_sync+0x22/0x40 [f2fs] f2fs_abort_atomic_write+0xc4/0xf0 [f2fs] f2fs_evict_inode+0x3f/0x690 [f2fs] ? sugov_start+0x140/0x140 evict+0xc3/0x1c0 evict_inodes+0x17b/0x210 generic_shutdown_super+0x32/0x120 kill_block_super+0x21/0x50 deactivate_locked_super+0x31/0x90 cleanup_mnt+0x100/0x160 task_work_run+0x59/0x90 do_exit+0x33b/0xa50 do_group_exit+0x2d/0x80 __x64_sys_exit_group+0x14/0x20 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd This triggers f2fs_bug_on() in f2fs_evict_inode: f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE)); This fixes the syzbot report: loop0: detected capacity change from 0 to 131072 F2FS-fs (loop0): invalid crc value F2FS-fs (loop0): Found nat_bits in checkpoint F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 ------------[ cut here ]------------ kernel BUG at fs/f2fs/inode.c:869! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 5014 Comm: syz-executor220 Not tainted 6.4.0-syzkaller-11479-g6cd06ab12d1a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 RIP: 0010:f2fs_evict_inode+0x172d/0x1e00 fs/f2fs/inode.c:869 Code: ff df 48 c1 ea 03 80 3c 02 00 0f 85 6a 06 00 00 8b 75 40 ba 01 00 00 00 4c 89 e7 e8 6d ce 06 00 e9 aa fc ff ff e8 63 22 e2 fd <0f> 0b e8 5c 22 e2 fd 48 c7 c0 a8 3a 18 8d 48 ba 00 00 00 00 00 fc RSP: 0018:ffffc90003a6fa00 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: ffff8880273b8000 RSI: ffffffff83a2bd0d RDI: 0000000000000007 RBP: ffff888077db91b0 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffff888029a3c000 R13: ffff888077db9660 R14: ffff888029a3c0b8 R15: ffff888077db9c50 FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1909bb9000 CR3: 00000000276a9000 CR4: 0000000000350ef0 Call Trace: <TASK> evict+0x2ed/0x6b0 fs/inode.c:665 dispose_list+0x117/0x1e0 fs/inode.c:698 evict_inodes+0x345/0x440 fs/inode.c:748 generic_shutdown_super+0xaf/0x480 fs/super.c:478 kill_block_super+0x64/0xb0 fs/super.c:1417 kill_f2fs_super+0x2af/0x3c0 fs/f2fs/super.c:4704 deactivate_locked_super+0x98/0x160 fs/super.c:330 deactivate_super+0xb1/0xd0 fs/super.c:361 cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1254 task_work_run+0x16f/0x270 kernel/task_work.c:179 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0xa9a/0x29a0 kernel/exit.c:874 do_group_exit+0xd4/0x2a0 kernel/exit.c:1024 __do_sys_exit_group kernel/exit.c:1035 [inline] __se_sys_exit_group kernel/exit.c:1033 [inline] __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1033 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f309be71a09 Code: Unable to access opcode bytes at 0x7f309be719df. RSP: 002b:00007fff171df518 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007f309bef7330 RCX: 00007f309be71a09 RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007f309bef1e40 R10: 0000000000010600 R11: 0000000000000246 R12: 00007f309bef7330 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:f2fs_evict_inode+0x172d/0x1e00 fs/f2fs/inode.c:869 Code: ff df 48 c1 ea 03 80 3c 02 00 0f 85 6a 06 00 00 8b 75 40 ba 01 00 00 00 4c 89 e7 e8 6d ce 06 00 e9 aa fc ff ff e8 63 22 e2 fd <0f> 0b e8 5c 22 e2 fd 48 c7 c0 a8 3a 18 8d 48 ba 00 00 00 00 00 fc RSP: 0018:ffffc90003a6fa00 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000 ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1c64dbe8fa3552a34…
	https://git.kernel.org/stable/c/bfa7853bb47fee0c1…
	https://git.kernel.org/stable/c/a3ab55746612247ce…

Impacted products

Vendor

Product

Version

Linux

Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 1c64dbe8fa3552a340bca6d7fa09468c16ed2a85 (git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < bfa7853bb47fee0c17030b377c98cf4ede47ba33 (git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < a3ab55746612247ce3dcaac6de66f5ffc055b9df (git)

Linux

Affected: 3.8
Unaffected: 0 , < 3.8 (semver)
Unaffected: 6.1.54 , ≤ 6.1.* (semver)
Unaffected: 6.5.4 , ≤ 6.5.* (semver)
Unaffected: 6.6 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/segment.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1c64dbe8fa3552a340bca6d7fa09468c16ed2a85",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "bfa7853bb47fee0c17030b377c98cf4ede47ba33",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "a3ab55746612247ce3dcaac6de66f5ffc055b9df",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/segment.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.54",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.4",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: flush inode if atomic file is aborted\n\nLet\u0027s flush the inode being aborted atomic operation to avoid stale dirty\ninode during eviction in this call stack:\n\n  f2fs_mark_inode_dirty_sync+0x22/0x40 [f2fs]\n  f2fs_abort_atomic_write+0xc4/0xf0 [f2fs]\n  f2fs_evict_inode+0x3f/0x690 [f2fs]\n  ? sugov_start+0x140/0x140\n  evict+0xc3/0x1c0\n  evict_inodes+0x17b/0x210\n  generic_shutdown_super+0x32/0x120\n  kill_block_super+0x21/0x50\n  deactivate_locked_super+0x31/0x90\n  cleanup_mnt+0x100/0x160\n  task_work_run+0x59/0x90\n  do_exit+0x33b/0xa50\n  do_group_exit+0x2d/0x80\n  __x64_sys_exit_group+0x14/0x20\n  do_syscall_64+0x3b/0x90\n  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThis triggers f2fs_bug_on() in f2fs_evict_inode:\n f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE));\n\nThis fixes the syzbot report:\n\nloop0: detected capacity change from 0 to 131072\nF2FS-fs (loop0): invalid crc value\nF2FS-fs (loop0): Found nat_bits in checkpoint\nF2FS-fs (loop0): Mounted with checkpoint version = 48b305e4\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inode.c:869!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 0 PID: 5014 Comm: syz-executor220 Not tainted 6.4.0-syzkaller-11479-g6cd06ab12d1a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nRIP: 0010:f2fs_evict_inode+0x172d/0x1e00 fs/f2fs/inode.c:869\nCode: ff df 48 c1 ea 03 80 3c 02 00 0f 85 6a 06 00 00 8b 75 40 ba 01 00 00 00 4c 89 e7 e8 6d ce 06 00 e9 aa fc ff ff e8 63 22 e2 fd \u003c0f\u003e 0b e8 5c 22 e2 fd 48 c7 c0 a8 3a 18 8d 48 ba 00 00 00 00 00 fc\nRSP: 0018:ffffc90003a6fa00 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff8880273b8000 RSI: ffffffff83a2bd0d RDI: 0000000000000007\nRBP: ffff888077db91b0 R08: 0000000000000007 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff888029a3c000\nR13: ffff888077db9660 R14: ffff888029a3c0b8 R15: ffff888077db9c50\nFS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1909bb9000 CR3: 00000000276a9000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n evict+0x2ed/0x6b0 fs/inode.c:665\n dispose_list+0x117/0x1e0 fs/inode.c:698\n evict_inodes+0x345/0x440 fs/inode.c:748\n generic_shutdown_super+0xaf/0x480 fs/super.c:478\n kill_block_super+0x64/0xb0 fs/super.c:1417\n kill_f2fs_super+0x2af/0x3c0 fs/f2fs/super.c:4704\n deactivate_locked_super+0x98/0x160 fs/super.c:330\n deactivate_super+0xb1/0xd0 fs/super.c:361\n cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1254\n task_work_run+0x16f/0x270 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0xa9a/0x29a0 kernel/exit.c:874\n do_group_exit+0xd4/0x2a0 kernel/exit.c:1024\n __do_sys_exit_group kernel/exit.c:1035 [inline]\n __se_sys_exit_group kernel/exit.c:1033 [inline]\n __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1033\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f309be71a09\nCode: Unable to access opcode bytes at 0x7f309be719df.\nRSP: 002b:00007fff171df518 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 00007f309bef7330 RCX: 00007f309be71a09\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001\nRBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007f309bef1e40\nR10: 0000000000010600 R11: 0000000000000246 R12: 00007f309bef7330\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:f2fs_evict_inode+0x172d/0x1e00 fs/f2fs/inode.c:869\nCode: ff df 48 c1 ea 03 80 3c 02 00 0f 85 6a 06 00 00 8b 75 40 ba 01 00 00 00 4c 89 e7 e8 6d ce 06 00 e9 aa fc ff ff e8 63 22 e2 fd \u003c0f\u003e 0b e8 5c 22 e2 fd 48 c7 c0 a8 3a 18 8d 48 ba 00 00 00 00 00 fc\nRSP: 0018:ffffc90003a6fa00 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-20T08:51:28.897Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1c64dbe8fa3552a340bca6d7fa09468c16ed2a85"
        },
        {
          "url": "https://git.kernel.org/stable/c/bfa7853bb47fee0c17030b377c98cf4ede47ba33"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3ab55746612247ce3dcaac6de66f5ffc055b9df"
        }
      ],
      "title": "f2fs: flush inode if atomic file is aborted",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53829",
    "datePublished": "2025-12-09T01:29:43.645Z",
    "dateReserved": "2025-12-09T01:27:17.825Z",
    "dateUpdated": "2025-12-20T08:51:28.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-38RJ-5VP6-WR6C

CVE-2023-53829 (GCVE-0-2023-53829)

Tags

Sightings

Nomenclature