CVE-2023-53081

HIGH

Linux Kernel 4.9.242-4.10 - Out-of-bounds Write via Failed Buffered Write Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page, ocfs2_write_end_nolock() just zeroes out and dirties the page. This can leave dirty page beyond EOF and if page writeback tries to write this page before write succeeds and expands i_size, page gets into inconsistent state where page dirty bit is clear but buffer dirty bits stay set resulting in page data never getting written and so data copied to the page is lost. Fix the problem by invalidating page beyond EOF after failed write.

References (8)

Core 8

Core References

Patch

https://git.kernel.org/stable/c/1629f6f522b2d058019710466a84b240683bbee3

Patch

https://git.kernel.org/stable/c/c26f3ff4c0be590c1250f945ac2e4fc5fcdc5f45

Patch

https://git.kernel.org/stable/c/4c24eb49ab44351424ac8fe8567f91ea48a06089

Patch

https://git.kernel.org/stable/c/91d7a4bd5656552d6259e2d0f8859f9e8cc5ef68

Patch

https://git.kernel.org/stable/c/a9e53869cb43c96d6d851c491fd4e26430ab6ba6

Patch

https://git.kernel.org/stable/c/47eb055ad3588fc96d34e9e1dd87b210ce62906b

Patch

https://git.kernel.org/stable/c/205759c6c18f54659b0b5976b14a52d1b3eb9f57

Patch

https://git.kernel.org/stable/c/90410bcf873cf05f54a32183afff0161f44f9715

Scores

CVSS v3 7.8

EPSS 0.0017

EPSS Percentile 6.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (27)

Linux/Linux < 5.10

Linux/Linux 36ed9e604215f58cec0381ca5fcc6da05f2d87ca

Linux/Linux 4.14.204 - 4.14.312

Linux/Linux 4.14.312 - 4.14.*

Linux/Linux 4.19.155 - 4.19.280

Linux/Linux 4.19.280 - 4.19.*

Linux/Linux 4.9.242 - 4.10

Linux/Linux 5.10

Linux/Linux 5.10.177 - 5.10.*

Linux/Linux 5.15.105 - 5.15.*

... and 17 more

Published May 02, 2025

Tracked Since Feb 18, 2026