CVE-2023-53339
17.09.2025, 15:15
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix BUG_ON condition in btrfs_cancel_balance
Pausing and canceling balance can race to interrupt balance lead to BUG_ON
panic in btrfs_cancel_balance. The BUG_ON condition in btrfs_cancel_balance
does not take this race scenario into account.
However, the race condition has no other side effects. We can fix that.
Reproducing it with panic trace like this:
kernel BUG at fs/btrfs/volumes.c:4618!
RIP: 0010:btrfs_cancel_balance+0x5cf/0x6a0
Call Trace:
<TASK>
? do_nanosleep+0x60/0x120
? hrtimer_nanosleep+0xb7/0x1a0
? sched_core_clone_cookie+0x70/0x70
btrfs_ioctl_balance_ctl+0x55/0x70
btrfs_ioctl+0xa46/0xd20
__x64_sys_ioctl+0x7d/0xa0
do_syscall_64+0x38/0x80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Race scenario as follows:
> mutex_unlock(&fs_info->balance_mutex);
> --------------------
> .......issue pause and cancel req in another thread
> --------------------
> ret = __btrfs_balance(fs_info);
>
> mutex_lock(&fs_info->balance_mutex);
> if (ret == -ECANCELED && atomic_read(&fs_info->balance_pause_req)) {
> btrfs_info(fs_info, "balance: paused");
> btrfs_exclop_balance(fs_info, BTRFS_EXCLOP_BALANCE_PAUSED);
> }Enginsight| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 𝑥 < 4.19.293 |
| linux | linux_kernel | 4.20 ≤ 𝑥 < 5.4.255 |
| linux | linux_kernel | 5.5 ≤ 𝑥 < 5.10.192 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.128 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.1.47 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.4.12 |
| linux | linux_kernel | 6.5:rc1 |
| linux | linux_kernel | 6.5:rc2 |
| linux | linux_kernel | 6.5:rc3 |
| linux | linux_kernel | 6.5:rc4 |
| linux | linux_kernel | 6.5:rc5 |
| linux | linux_kernel | 6.5:rc6 |
𝑥
= Vulnerable software versions
Debian Releases
Common Weakness Enumeration
References