CVE-2023-53763

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contained a flaw related to the f2fs filesystem. A regression was introduced by a previous fix intended to improve sanity checks on the extent cache. The issue manifested as an out-of-bounds array access within the f2fs.h file, specifically at line 3275, when handling extent cache data. The problem was identified by the syzbot fuzzer, which reported a UBSAN error indicating an invalid index access. The root cause was the application of both version 1 and version 2 of a patch, where version 2 was the correct fix, necessitating the reversion of version 1 to resolve the reported issue. The vulnerable code is located within the recover inline status function called from do read inode and f2fs iget.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.