CVE-2023-53526
EUVD-2025-3273601.10.2025, 12:15
In the Linux kernel, the following vulnerability has been resolved: jbd2: check 'jh->b_transaction' before removing it from checkpoint Following process will corrupt ext4 image: Step 1: jbd2_journal_commit_transaction __jbd2_journal_insert_checkpoint(jh, commit_transaction) // Put jh into trans1->t_checkpoint_list journal->j_checkpoint_transactions = commit_transaction // Put trans1 into journal->j_checkpoint_transactions Step 2: do_get_write_access test_clear_buffer_dirty(bh) // clear buffer dirty,set jbd dirty __jbd2_journal_file_buffer(jh, transaction) // jh belongs to trans2 Step 3: drop_cache journal_shrink_one_cp_list jbd2_journal_try_remove_checkpoint if (!trylock_buffer(bh)) // lock bh, true if (buffer_dirty(bh)) // buffer is not dirty __jbd2_journal_remove_checkpoint(jh) // remove jh from trans1->t_checkpoint_list Step 4: jbd2_log_do_checkpoint trans1 = journal->j_checkpoint_transactions // jh is not in trans1->t_checkpoint_list jbd2_cleanup_journal_tail(journal) // trans1 is done Step 5: Power cut, trans2 is not committed, jh is lost in next mounting. Fix it by checking 'jh->b_transaction' before remove it from checkpoint.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 5.15.129 ≤ 𝑥 < 5.15.132 |
| linux | linux_kernel | 6.1.50 ≤ 𝑥 < 6.1.54 |
| linux | linux_kernel | 6.4.13 ≤ 𝑥 < 6.5 |
| linux | linux_kernel | 6.5.1 ≤ 𝑥 < 6.5.4 |
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | 6.5:rc3 |
| linux | linux_kernel | 6.5:rc4 |
| linux | linux_kernel | 6.5:rc5 |
| linux | linux_kernel | 6.5:rc6 |
| linux | linux_kernel | 6.5:rc7 |
𝑥
= Vulnerable software versions
Debian Releases