CVE-2023-53137

02.05.2025, 16:15

In the Linux kernel, the following vulnerability has been resolved:

ext4: Fix possible corruption when moving a directory

When we are renaming a directory to a different directory, we need to
update '..' entry in the moved directory. However nothing prevents moved
directory from being modified and even converted from the inline format
to the normal format. When such race happens the rename code gets
confused and we crash. Fix the problem by locking the moved directory.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.234-1 fixed
bookworm	6.1.129-1 fixed
bookworm (security)	6.1.135-1 fixed
trixie	6.12.22-1 fixed
sid	6.12.25-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff oder einen unspezifischen Angriff durchzuführen.
Published: 2025-05-04T22:00:00+00:00

References

https://git.kernel.org/stable/c/0813299c586b175d7edb25f56412c54b812d0379

https://git.kernel.org/stable/c/0c440f14558bfacd22c6935ae1fd4b2a09e96b5d

https://git.kernel.org/stable/c/291cd19d107e197306869cb3237c1bba62d13182

https://git.kernel.org/stable/c/8dac5a63cf79707b547ea3d425fead5f4482198f

https://git.kernel.org/stable/c/b0bb13612292ca90fa4c2a7e425375649bc50d3e

https://git.kernel.org/stable/c/c50fc503ee1b97f12c98e26afc39fdaebebcf04f