PT-2023-9710 · Linux+3 · Linux Kernel+3

Syzbot

Published

2023-10-02

Updated

2025-02-03

CVE-2023-52786

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a racy may inline data check in dio write, which can cause a denial of service. The problem occurs when the check for existing inline data and the state flag can span a lock cycle, allowing another writer to create inline data before the dio write task acquires the lock. The ext4 dio write iter() function checks the current inline state of the inode and clears the MAY INLINE DATA state flag to either fall back to buffered writes or enforce that any other writers in progress on the inode are not allowed to create inline data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667CWE-362

Related Identifiers

BDU:2024-10216

CVE-2023-52786

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2023-9710 · Linux+3 · Linux Kernel+3

CVE-2023-52786

Weakness Enumeration

Related Identifiers

Affected Products

References · 1927