PT-2025-18865 · Linux+2 · Linux Kernel+2

Published 2023-03-10 · Updated 2025-07-10 · CVE-2023-53101

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.3.0-rc1-00004-g703695902cfa

Description

A vulnerability has been identified in the Linux kernel in which an inconsistency between i_size and i_disksize can trigger a kernel warning when the boot loader inode is initialized. The issue occurs when the boot loader inode has never been used before and has a non-zero i_size. It can be reproduced by creating a corrupted ext4 image, mounting it, and running a specific program that uses the EXT4_IOC_SWAP_BOOT ioctl and writes to the file.

Recommendations

For Linux kernel versions prior to 6.3.0-rc1-00004-g703695902cfa, the issue is resolved by setting i_disksize as well as i_size to zero when the boot loader inode is initialized. As a temporary workaround, consider avoiding the use of the EXT4_IOC_SWAP_BOOT ioctl until a patch is available. Restrict access to the affected ext4 file system to minimize the risk of exploitation.

Exploit

Fix

Improper Initialization

Weakness Enumeration

Related Identifiers

BDU:2026-04626
CVE-2023-53101
SUSE-SU-2025:01918-1
SUSE-SU-2025:01966-1
SUSE-SU-2025:01983-1
SUSE-SU-2025:02173-1
SUSE-SU-2025:02262-1
SUSE-SU-2025:2173-1
SUSE-SU-2025_01983-1
SUSE-SU-2025_02173-1
SUSE-SU-2025_02262-1

Affected Products

Astra Linux
Linux Kernel
SUSE