PT-2025-49737 · Linux+2 · Linux Kernel+2
Published: 2023-01-01 · Updated: 2026-05-26
CVE-2023-53846
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.4.0-rc7-syzkaller-00041-ge660abd551f1
Description
The Linux kernel contains a flaw within the f2fs file system related to handling inode truncation. Specifically, a missing sanity check in the truncate_dnode() function can lead to out-of-bounds access when traversing mapping data, potentially resulting in a slab-use-after-free condition. The issue arises when an inode references another inode, and the first inode is truncated, triggering the vulnerability during data block truncation of the referenced inode. The fix introduces a sanity check on the dnode page within truncate_dnode() and adds a new error, ERROR_INVALID_NODE_REFERENCE, to the superblock for detection by fsck. The function f2fs_truncate_data_blocks() was removed as part of the fix, and f2fs_truncate_data_blocks_range() is used instead.
Recommendations
Update to a version newer than 6.4.0-rc7-syzkaller-00041-ge660abd551f1.
Exploit
Related Identifiers
Affected Products
Debian
Linux Kernel
F2Fs