CVE-2023-53081

ocfs2: fix data corruption after failed write

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE
TN

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page,
ocfs2_write_end_nolock() just zeroes out and dirties the page. This can
leave dirty page beyond EOF and if page writeback tries to write this page
before write succeeds and expands i_size, page gets into inconsistent
state where page dirty bit is clear but buffer dirty bits stay set
resulting in page data never getting written and so data copied to the
page is lost. Fix the problem by invalidating page beyond EOF after
failed write.

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page, ocfs2_write_end_nolock() just zeroes out and dirties the page. This can leave dirty page beyond EOF and if page writeback tries to write this page before write succeeds and expands i_size, page gets into inconsistent state where page dirty bit is clear but buffer dirty bits stay set resulting in page data never getting written and so data copied to the page is lost. Fix the problem by invalidating page beyond EOF after failed write.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-05-02 CVE Reserved
2025-05-02 CVE Published
2025-05-02 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (14)

URL	Tag	Source
https://git.kernel.org/stable/c/7ed80e77c908cbaa686529a49f8ae0060c5caee7	Vuln. Introduced
https://git.kernel.org/stable/c/7ce2b16bad2cbfa3fa7bbc42c4448914f639ca47	Vuln. Introduced
https://git.kernel.org/stable/c/f8a6a2ed4b7d1c3c8631eeb6d00572bc853094a8	Vuln. Introduced
https://git.kernel.org/stable/c/6dbf7bb555981fb5faf7b691e8f6169fc2b2e63b	Vuln. Introduced
https://git.kernel.org/stable/c/acef5107e2eacb08a16ad5db60320d65bd26a6c0	Vuln. Introduced
https://git.kernel.org/stable/c/36ed9e604215f58cec0381ca5fcc6da05f2d87ca	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/1629f6f522b2d058019710466a84b240683bbee3	2023-04-05
https://git.kernel.org/stable/c/c26f3ff4c0be590c1250f945ac2e4fc5fcdc5f45	2023-04-05
https://git.kernel.org/stable/c/4c24eb49ab44351424ac8fe8567f91ea48a06089	2023-04-05
https://git.kernel.org/stable/c/91d7a4bd5656552d6259e2d0f8859f9e8cc5ef68	2023-04-05
https://git.kernel.org/stable/c/a9e53869cb43c96d6d851c491fd4e26430ab6ba6	2023-03-30
https://git.kernel.org/stable/c/47eb055ad3588fc96d34e9e1dd87b210ce62906b	2023-03-22
https://git.kernel.org/stable/c/205759c6c18f54659b0b5976b14a52d1b3eb9f57	2023-03-22
https://git.kernel.org/stable/c/90410bcf873cf05f54a32183afff0161f44f9715	2023-03-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14.204 < 4.14.312 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14.204 < 4.14.312"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.155 < 4.19.280 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.155 < 4.19.280"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.75 < 5.4.240 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.75 < 5.4.240"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.10.177 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.10.177"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.15.105 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.15.105"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.1.21 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.1.21"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.2.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.2.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.9.242 Search vendor "Linux" for product "Linux Kernel" and version "4.9.242"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.9.5 Search vendor "Linux" for product "Linux Kernel" and version "5.9.5"		en		Affected