CVE-2023-53137

ext4: Fix possible corruption when moving a directory

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE
TN

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix possible corruption when moving a directory When we are renaming a directory to a different directory, we need to
update '..' entry in the moved directory. However nothing prevents moved
directory from being modified and even converted from the inline format
to the normal format. When such race happens the rename code gets
confused and we crash. Fix the problem by locking the moved directory.

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix possible corruption when moving a directory When we are renaming a directory to a different directory, we need to update '..' entry in the moved directory. However nothing prevents moved directory from being modified and even converted from the inline format to the normal format. When such race happens the rename code gets confused and we crash. Fix the problem by locking the moved directory.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-05-02 CVE Reserved
2025-05-02 CVE Published
2025-05-02 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/32f7f22c0b52e8189fef83986b16dc7abe95f2c4	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8dac5a63cf79707b547ea3d425fead5f4482198f	2023-03-17
https://git.kernel.org/stable/c/0c440f14558bfacd22c6935ae1fd4b2a09e96b5d	2023-03-17
https://git.kernel.org/stable/c/c50fc503ee1b97f12c98e26afc39fdaebebcf04f	2023-03-17
https://git.kernel.org/stable/c/b0bb13612292ca90fa4c2a7e425375649bc50d3e	2023-03-17
https://git.kernel.org/stable/c/291cd19d107e197306869cb3237c1bba62d13182	2023-03-17
https://git.kernel.org/stable/c/0813299c586b175d7edb25f56412c54b812d0379	2023-02-25

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 5.4.237 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 5.4.237"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 5.10.175 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 5.10.175"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 5.15.103 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 5.15.103"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 6.1.20 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.1.20"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 6.2.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.2.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 6.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.3"		en		Affected