CVE-2023-53143

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version

Description The issue is related to an off-by-one fsmap error on 1k block filesystems in the Linux kernel. It occurs when the ioctl function is called with the FS IOC GETFSMAP command, and the fmh keys structure is not properly validated. Specifically, the ext4 getfsmap datadev function does not correctly handle the case where the fmr physical field is set to 0. This can lead to a crash when the ext4 mb load buddy gfp function is called. The crash is due to insufficient range validation of the keys[1] field in ext4 getfsmap datadev. The ext4 get group no and offset function subtracts the s first data block quantity from the blocknr argument, which can result in an underflow when blocknr is less than s first data block. This underflow can cause an impossibly large group number to be calculated, leading to a crash.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the off-by-one fsmap error on 1k block filesystems. As a temporary workaround, consider avoiding the use of the FS IOC GETFSMAP command on 1k block filesystems until a patch is available. Additionally, restrict access to the ext4 getfsmap datadev function to minimize the risk of exploitation.