CVE-2023-53163

15.09.2025, 14:15

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: don't hold ni_lock when calling truncate_setsize()

syzbot is reporting hung task at do_user_addr_fault() [1], for there is
a silent deadlock between PG_locked bit and ni_lock lock.

Since filemap_update_page() calls filemap_read_folio() after calling
folio_trylock() which will set PG_locked bit, ntfs_truncate() must not
call truncate_setsize() which will wait for PG_locked bit to be cleared
when holding ni_lock lock.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.147-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.41-1 fixed
forky	6.16.3-1 fixed
sid	6.16.7-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder nicht näher beschriebene Auswirkungen zu erzielen.
Published: 2025-09-15T22:00:00+00:00

References

https://git.kernel.org/stable/c/0226635c304cfd5c9db9b78c259cb713819b057e

https://git.kernel.org/stable/c/6bb6b1c6b0c31e36736b87a39dd1cbbd9d5ec22f

https://git.kernel.org/stable/c/73fee7e1e5ea11b51c51c46e0577a197ca3602cf

https://git.kernel.org/stable/c/8414983c2e649364d8af29080a0869266b31abb6