CVE-2023-53672

In the Linux kernel, the following vulnerability has been resolved:

btrfs: output extra debug info if we failed to find an inline backref

[BUG]
Syzbot reported several warning triggered inside
lookup_inline_extent_backref().

[CAUSE]
As usual, the reproducer doesn't reliably trigger locally here, but at
least we know the WARN_ON() is triggered when an inline backref can not
be found, and it can only be triggered when @insert is true. (I.e.
inserting a new inline backref, which means the backref should already
exist)

[ENHANCEMENT]
After the WARN_ON(), dump all the parameters and the extent tree
leaf to help debug.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.237-1
fixed
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.153-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.48-1
fixed
forky
6.16.9-1
fixed
sid
6.16.11-1
fixed
References
https://git.kernel.org/stable/c/28062cd6eda04035d8f6ded2001292ac8b496149
https://git.kernel.org/stable/c/376b41524b71e494514720bd6114325b0a2ed19c
https://git.kernel.org/stable/c/400e08a16604b534fdd82c5a288fa150d04f5f79
https://git.kernel.org/stable/c/6994f806c6d1ae8b59344d3700358547f3b3fe1d
https://git.kernel.org/stable/c/7afbfde45d665953b4d5a42a721e15bf0315d89b
https://git.kernel.org/stable/c/7f72f50547b7af4ddf985b07fc56600a4deba281
https://git.kernel.org/stable/c/b7c3cf2f6c42e6688b1c37215a0b1663f982f915
https://git.kernel.org/stable/c/e70ba449b04b40584bdabb383d10455397cbf177