Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.5
Linux Kernel: ext4 Filesystem Crash on 1k Block Filesystems
UBUNTU-CVE-2023-53143
Summary
A bug in the Linux kernel's ext4 filesystem can cause a crash on systems with 1k block filesystems. This issue can lead to data loss or system instability. To stay safe, update your Linux kernel to the latest version.
What to do
- Update canonical linux-aws-5.4 to version 5.4.0-1107.115~18.04.1.
- Update canonical linux-azure-5.4 to version 5.4.0-1113.119~18.04.1.
- Update canonical linux-gcp-5.4 to version 5.4.0-1110.119~18.04.1.
- Update canonical linux-hwe-5.4 to version 5.4.0-156.173~18.04.1.
- Update canonical linux-ibm-5.4 to version 5.4.0-1054.59~18.04.1.
- Update canonical linux-oracle-5.4 to version 5.4.0-1106.115~18.04.1.
- Update canonical linux-raspi-5.4 to version 5.4.0-1091.102~18.04.1.
- Update canonical linux to version 5.4.0-156.173.
- Update canonical linux-aws to version 5.4.0-1107.115.
- Update canonical linux-aws-5.15 to version 5.15.0-1041.46~20.04.1.
- Update canonical linux-azure to version 5.4.0-1114.120.
- Update canonical linux-azure-5.15 to version 5.15.0-1045.52~20.04.1.
- Update canonical linux-bluefield to version 5.4.0-1068.74.
- Update canonical linux-gcp to version 5.4.0-1110.119.
- Update canonical linux-gcp-5.15 to version 5.15.0-1039.47~20.04.1.
- Update canonical linux-hwe-5.15 to version 5.15.0-79.86~20.04.2.
- Update canonical linux-ibm to version 5.4.0-1054.59.
- Update canonical linux-ibm-5.15 to version 5.15.0-1036.39~20.04.1.
- Update canonical linux-intel-iotg-5.15 to version 5.15.0-1037.42~20.04.1.
- Update canonical linux-iot to version 5.4.0-1019.20.
- Update canonical linux-kvm to version 5.4.0-1096.102.
- Update canonical linux-lowlatency-hwe-5.15 to version 5.15.0-79.88~20.04.1.
- Update canonical linux-nvidia-tegra-5.15 to version 5.15.0-1016.16~20.04.1.
- Update canonical linux-oracle to version 5.4.0-1106.115.
- Update canonical linux-oracle-5.15 to version 5.15.0-1040.46~20.04.1.
- Update canonical linux-raspi to version 5.4.0-1091.102.
- Update canonical linux-riscv-5.15 to version 5.15.0-1038.42~20.04.2.
- Update canonical linux-xilinx-zynqmp to version 5.4.0-1027.31.
- Update canonical linux-aws-fips to version 5.4.0-1107.115+fips1.
- Update canonical linux-azure-fips to version 5.4.0-1113.119+fips1.
- Update canonical linux-fips to version 5.4.0-1082.91.
- Update canonical linux-gcp-fips to version 5.4.0-1110.119+fips1.
- Update canonical linux to version 5.15.0-79.86.
- Update canonical linux-aws to version 5.15.0-1042.47.
- Update canonical linux-azure to version 5.15.0-1045.52.
- Update canonical linux-gcp to version 5.15.0-1039.47.
- Update canonical linux-gke to version 5.15.0-1039.44.
- Update canonical linux-gkeop to version 5.15.0-1025.30.
- Update canonical linux-ibm to version 5.15.0-1035.38.
- Update canonical linux-intel-iotg to version 5.15.0-1037.42.
- Update canonical linux-kvm to version 5.15.0-1039.44.
- Update canonical linux-lowlatency to version 5.15.0-79.88.
- Update canonical linux-nvidia to version 5.15.0-1030.30.
- Update canonical linux-nvidia-tegra to version 5.15.0-1016.16.
- Update canonical linux-nvidia-tegra-igx to version 5.15.0-1002.2.
- Update canonical linux-oracle to version 5.15.0-1040.46.
- Update canonical linux-raspi to version 5.15.0-1035.38.
- Update canonical linux-xilinx-zynqmp to version 5.15.0-1025.29.
- Update canonical linux-bluefield to version 5.15.0-1022.24.
- Update canonical linux-intel-iot-realtime to version 5.15.0-1036.38.
- Update canonical linux-realtime to version 5.15.0-1043.48.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Ubuntu:Pro:14.04:LTS | canonical | linux-azure | All versions |
| Ubuntu:Pro:16.04:LTS | canonical | linux-aws-hwe | All versions |
| Ubuntu:Pro:16.04:LTS | canonical | linux-azure | All versions |
| Ubuntu:Pro:16.04:LTS | canonical | linux-gcp | All versions |
| Ubuntu:Pro:16.04:LTS | canonical | linux-hwe | All versions |
| Ubuntu:16.04:LTS | canonical | linux-hwe-edge | All versions |
| Ubuntu:Pro:16.04:LTS | canonical | linux-oracle | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | linux | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | linux-aws | All versions |
| Ubuntu:18.04:LTS | canonical | linux-aws-5.0 | All versions |
| Ubuntu:18.04:LTS | canonical | linux-aws-5.3 | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | linux-aws-5.4 |
< 5.4.0-1107.115~18.04.1 Fix: upgrade to 5.4.0-1107.115~18.04.1
|
| Ubuntu:18.04:LTS | canonical | linux-azure | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | linux-azure-4.15 | All versions |
| Ubuntu:18.04:LTS | canonical | linux-azure-5.3 | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | linux-azure-5.4 |
< 5.4.0-1113.119~18.04.1 Fix: upgrade to 5.4.0-1113.119~18.04.1
|
| Ubuntu:18.04:LTS | canonical | linux-azure-edge | All versions |
| Ubuntu:18.04:LTS | canonical | linux-gcp | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | linux-gcp-4.15 | All versions |
| Ubuntu:18.04:LTS | canonical | linux-gcp-5.3 | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | linux-gcp-5.4 |
< 5.4.0-1110.119~18.04.1 Fix: upgrade to 5.4.0-1110.119~18.04.1
|
| Ubuntu:18.04:LTS | canonical | linux-gke-4.15 | All versions |
| Ubuntu:18.04:LTS | canonical | linux-gke-5.4 | All versions |
| Ubuntu:18.04:LTS | canonical | linux-gkeop-5.4 | All versions |
| Ubuntu:18.04:LTS | canonical | linux-hwe | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | linux-hwe-5.4 |
< 5.4.0-156.173~18.04.1 Fix: upgrade to 5.4.0-156.173~18.04.1
|
| Ubuntu:18.04:LTS | canonical | linux-hwe-edge | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | linux-ibm-5.4 |
< 5.4.0-1054.59~18.04.1 Fix: upgrade to 5.4.0-1054.59~18.04.1
|
| Ubuntu:Pro:18.04:LTS | canonical | linux-kvm | All versions |
| Ubuntu:18.04:LTS | canonical | linux-oem | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | linux-oracle | All versions |
| Ubuntu:18.04:LTS | canonical | linux-oracle-5.0 | All versions |
| Ubuntu:18.04:LTS | canonical | linux-oracle-5.3 | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | linux-oracle-5.4 |
< 5.4.0-1106.115~18.04.1 Fix: upgrade to 5.4.0-1106.115~18.04.1
|
| Ubuntu:Pro:18.04:LTS | canonical | linux-raspi-5.4 |
< 5.4.0-1091.102~18.04.1 Fix: upgrade to 5.4.0-1091.102~18.04.1
|
| Ubuntu:Pro:FIPS-updates:18.04:LTS | canonical | linux-aws-fips | All versions |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | canonical | linux-azure-fips | All versions |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | canonical | linux-fips | All versions |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | canonical | linux-gcp-fips | All versions |
| Ubuntu:Pro:FIPS:18.04:LTS | canonical | linux-aws-fips | All versions |
| Ubuntu:Pro:FIPS:18.04:LTS | canonical | linux-azure-fips | All versions |
| Ubuntu:Pro:FIPS:18.04:LTS | canonical | linux-fips | All versions |
| Ubuntu:Pro:FIPS:18.04:LTS | canonical | linux-gcp-fips | All versions |
| Ubuntu:20.04:LTS | canonical | linux |
< 5.4.0-156.173 Fix: upgrade to 5.4.0-156.173
|
| Ubuntu:20.04:LTS | canonical | linux-aws |
< 5.4.0-1107.115 Fix: upgrade to 5.4.0-1107.115
|
| Ubuntu:20.04:LTS | canonical | linux-aws-5.15 |
< 5.15.0-1041.46~20.04.1 Fix: upgrade to 5.15.0-1041.46~20.04.1
|
| Ubuntu:20.04:LTS | canonical | linux-azure |
< 5.4.0-1114.120 Fix: upgrade to 5.4.0-1114.120
|
| Ubuntu:20.04:LTS | canonical | linux-azure-5.15 |
< 5.15.0-1045.52~20.04.1 Fix: upgrade to 5.15.0-1045.52~20.04.1
|
| Ubuntu:20.04:LTS | canonical | linux-bluefield |
< 5.4.0-1068.74 Fix: upgrade to 5.4.0-1068.74
|
| Ubuntu:20.04:LTS | canonical | linux-gcp |
< 5.4.0-1110.119 Fix: upgrade to 5.4.0-1110.119
|
| Ubuntu:20.04:LTS | canonical | linux-gcp-5.15 |
< 5.15.0-1039.47~20.04.1 Fix: upgrade to 5.15.0-1039.47~20.04.1
|
| Ubuntu:20.04:LTS | canonical | linux-hwe-5.15 |
< 5.15.0-79.86~20.04.2 Fix: upgrade to 5.15.0-79.86~20.04.2
|
| Ubuntu:20.04:LTS | canonical | linux-ibm |
< 5.4.0-1054.59 Fix: upgrade to 5.4.0-1054.59
|
| Ubuntu:24.04:LTS | canonical | linux-raspi-realtime | All versions |
| Ubuntu:20.04:LTS | canonical | linux-ibm-5.15 |
< 5.15.0-1036.39~20.04.1 Fix: upgrade to 5.15.0-1036.39~20.04.1
|
| Ubuntu:20.04:LTS | canonical | linux-intel-iotg-5.15 |
< 5.15.0-1037.42~20.04.1 Fix: upgrade to 5.15.0-1037.42~20.04.1
|
| Ubuntu:20.04:LTS | canonical | linux-iot |
< 5.4.0-1019.20 Fix: upgrade to 5.4.0-1019.20
|
| Ubuntu:20.04:LTS | canonical | linux-kvm |
< 5.4.0-1096.102 Fix: upgrade to 5.4.0-1096.102
|
| Ubuntu:20.04:LTS | canonical | linux-lowlatency-hwe-5.15 |
< 5.15.0-79.88~20.04.1 Fix: upgrade to 5.15.0-79.88~20.04.1
|
| Ubuntu:20.04:LTS | canonical | linux-nvidia-tegra-5.15 |
< 5.15.0-1016.16~20.04.1 Fix: upgrade to 5.15.0-1016.16~20.04.1
|
| Ubuntu:20.04:LTS | canonical | linux-oracle |
< 5.4.0-1106.115 Fix: upgrade to 5.4.0-1106.115
|
| Ubuntu:20.04:LTS | canonical | linux-oracle-5.15 |
< 5.15.0-1040.46~20.04.1 Fix: upgrade to 5.15.0-1040.46~20.04.1
|
| Ubuntu:20.04:LTS | canonical | linux-raspi |
< 5.4.0-1091.102 Fix: upgrade to 5.4.0-1091.102
|
| Ubuntu:20.04:LTS | canonical | linux-riscv-5.15 |
< 5.15.0-1038.42~20.04.2 Fix: upgrade to 5.15.0-1038.42~20.04.2
|
| Ubuntu:20.04:LTS | canonical | linux-xilinx-zynqmp |
< 5.4.0-1027.31 Fix: upgrade to 5.4.0-1027.31
|
| Ubuntu:20.04:LTS | canonical | linux-aws-5.11 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-aws-5.13 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-aws-5.8 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-azure-5.11 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-azure-5.13 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-azure-5.8 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-azure-fde | All versions |
| Ubuntu:20.04:LTS | canonical | linux-gcp-5.11 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-gcp-5.13 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-gcp-5.8 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-gke | All versions |
| Ubuntu:20.04:LTS | canonical | linux-gke-5.15 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-gkeop | All versions |
| Ubuntu:20.04:LTS | canonical | linux-gkeop-5.15 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-hwe-5.11 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-hwe-5.13 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-hwe-5.8 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-intel-5.13 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-oem-5.10 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-oem-5.13 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-oem-5.14 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-oem-5.6 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-oracle-5.11 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-oracle-5.13 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-oracle-5.8 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-raspi2 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-riscv | All versions |
| Ubuntu:20.04:LTS | canonical | linux-riscv-5.11 | All versions |
| Ubuntu:20.04:LTS | canonical | linux-riscv-5.8 | All versions |
| Ubuntu:Pro:FIPS-updates:20.04:LTS | canonical | linux-aws-fips |
< 5.4.0-1107.115+fips1 Fix: upgrade to 5.4.0-1107.115+fips1
|
| Ubuntu:Pro:FIPS-updates:20.04:LTS | canonical | linux-azure-fips |
< 5.4.0-1113.119+fips1 Fix: upgrade to 5.4.0-1113.119+fips1
|
| Ubuntu:Pro:FIPS-updates:20.04:LTS | canonical | linux-fips |
< 5.4.0-1082.91 Fix: upgrade to 5.4.0-1082.91
|
| Ubuntu:Pro:FIPS-updates:20.04:LTS | canonical | linux-gcp-fips |
< 5.4.0-1110.119+fips1 Fix: upgrade to 5.4.0-1110.119+fips1
|
| Ubuntu:Pro:FIPS:20.04:LTS | canonical | linux-aws-fips | All versions |
| Ubuntu:Pro:FIPS:20.04:LTS | canonical | linux-azure-fips | All versions |
| Ubuntu:Pro:FIPS:20.04:LTS | canonical | linux-fips | All versions |
| Ubuntu:Pro:FIPS:20.04:LTS | canonical | linux-gcp-fips | All versions |
| Ubuntu:22.04:LTS | canonical | linux |
< 5.15.0-79.86 Fix: upgrade to 5.15.0-79.86
|
| Ubuntu:22.04:LTS | canonical | linux-allwinner-5.19 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-aws |
< 5.15.0-1042.47 Fix: upgrade to 5.15.0-1042.47
|
| Ubuntu:22.04:LTS | canonical | linux-aws-5.19 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-aws-6.2 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-aws-6.5 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-azure |
< 5.15.0-1045.52 Fix: upgrade to 5.15.0-1045.52
|
| Ubuntu:22.04:LTS | canonical | linux-azure-5.19 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-azure-6.2 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-azure-6.5 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-azure-fde | All versions |
| Ubuntu:22.04:LTS | canonical | linux-azure-fde-5.19 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-azure-fde-6.2 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-gcp |
< 5.15.0-1039.47 Fix: upgrade to 5.15.0-1039.47
|
| Ubuntu:22.04:LTS | canonical | linux-gcp-5.19 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-gcp-6.2 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-gcp-6.5 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-gke |
< 5.15.0-1039.44 Fix: upgrade to 5.15.0-1039.44
|
| Ubuntu:22.04:LTS | canonical | linux-gkeop |
< 5.15.0-1025.30 Fix: upgrade to 5.15.0-1025.30
|
| Ubuntu:22.04:LTS | canonical | linux-hwe-5.19 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-hwe-6.2 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-hwe-6.5 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-ibm |
< 5.15.0-1035.38 Fix: upgrade to 5.15.0-1035.38
|
| Ubuntu:22.04:LTS | canonical | linux-intel-iotg |
< 5.15.0-1037.42 Fix: upgrade to 5.15.0-1037.42
|
| Ubuntu:22.04:LTS | canonical | linux-kvm |
< 5.15.0-1039.44 Fix: upgrade to 5.15.0-1039.44
|
| Ubuntu:22.04:LTS | canonical | linux-lowlatency |
< 5.15.0-79.88 Fix: upgrade to 5.15.0-79.88
|
| Ubuntu:22.04:LTS | canonical | linux-lowlatency-hwe-5.19 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-lowlatency-hwe-6.2 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-lowlatency-hwe-6.5 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-nvidia |
< 5.15.0-1030.30 Fix: upgrade to 5.15.0-1030.30
|
| Ubuntu:22.04:LTS | canonical | linux-nvidia-6.2 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-nvidia-6.5 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-nvidia-tegra |
< 5.15.0-1016.16 Fix: upgrade to 5.15.0-1016.16
|
| Ubuntu:22.04:LTS | canonical | linux-nvidia-tegra-igx |
< 5.15.0-1002.2 Fix: upgrade to 5.15.0-1002.2
|
| Ubuntu:22.04:LTS | canonical | linux-oem-5.17 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-oem-6.0 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-oem-6.1 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-oem-6.5 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-oracle |
< 5.15.0-1040.46 Fix: upgrade to 5.15.0-1040.46
|
| Ubuntu:22.04:LTS | canonical | linux-oracle-6.5 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-raspi |
< 5.15.0-1035.38 Fix: upgrade to 5.15.0-1035.38
|
| Ubuntu:22.04:LTS | canonical | linux-realtime | All versions |
| Ubuntu:22.04:LTS | canonical | linux-riscv | All versions |
| Ubuntu:22.04:LTS | canonical | linux-riscv-5.19 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-riscv-6.5 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-starfive-5.19 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-starfive-6.2 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-starfive-6.5 | All versions |
| Ubuntu:22.04:LTS | canonical | linux-xilinx-zynqmp |
< 5.15.0-1025.29 Fix: upgrade to 5.15.0-1025.29
|
| Ubuntu:Nvidia-BlueField:22.04:LTS | canonical | linux-bluefield |
< 5.15.0-1022.24 Fix: upgrade to 5.15.0-1022.24
|
| Ubuntu:Pro:FIPS-preview:22.04:LTS | canonical | linux-fips | All versions |
| Ubuntu:Pro:Realtime:22.04:LTS | canonical | linux-intel-iot-realtime |
< 5.15.0-1036.38 Fix: upgrade to 5.15.0-1036.38
|
| Ubuntu:Pro:Realtime:22.04:LTS | canonical | linux-realtime |
< 5.15.0-1043.48 Fix: upgrade to 5.15.0-1043.48
|
| Ubuntu:24.04:LTS | canonical | linux-realtime | All versions |
Original title
In the Linux kernel, the following vulnerability has been resolved: ext4: fix another off-by-one fsmap error on 1k block filesystems Apparently syzbot figured out that issuing this FSMAP call: stru...
Original description
In the Linux kernel, the following vulnerability has been resolved: ext4: fix another off-by-one fsmap error on 1k block filesystems Apparently syzbot figured out that issuing this FSMAP call: struct fsmap_head cmd = { .fmh_count = ...; .fmh_keys = { { .fmr_device = /* ext4 dev */, .fmr_physical = 0, }, { .fmr_device = /* ext4 dev */, .fmr_physical = 0, }, }, ... }; ret = ioctl(fd, FS_IOC_GETFSMAP, &cmd); Produces this crash if the underlying filesystem is a 1k-block ext4 filesystem: kernel BUG at fs/ext4/ext4.h:3331! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 3 PID: 3227965 Comm: xfs_io Tainted: G W O 6.2.0-rc8-achx Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:ext4_mb_load_buddy_gfp+0x47c/0x570 [ext4] RSP: 0018:ffffc90007c03998 EFLAGS: 00010246 RAX: ffff888004978000 RBX: ffffc90007c03a20 RCX: ffff888041618000 RDX: 0000000000000000 RSI: 00000000000005a4 RDI: ffffffffa0c99b11 RBP: ffff888012330000 R08: ffffffffa0c2b7d0 R09: 0000000000000400 R10: ffffc90007c03950 R11: 0000000000000000 R12: 0000000000000001 R13: 00000000ffffffff R14: 0000000000000c40 R15: ffff88802678c398 FS: 00007fdf2020c880(0000) GS:ffff88807e100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffd318a5fe8 CR3: 000000007f80f001 CR4: 00000000001706e0 Call Trace: <TASK> ext4_mballoc_query_range+0x4b/0x210 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] ext4_getfsmap_datadev+0x713/0x890 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] ext4_getfsmap+0x2b7/0x330 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] ext4_ioc_getfsmap+0x153/0x2b0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] __ext4_ioctl+0x2a7/0x17e0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] __x64_sys_ioctl+0x82/0xa0 do_syscall_64+0x2b/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7fdf20558aff RSP: 002b:00007ffd318a9e30 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00000000000200c0 RCX: 00007fdf20558aff RDX: 00007fdf1feb2010 RSI: 00000000c0c0583b RDI: 0000000000000003 RBP: 00005625c0634be0 R08: 00005625c0634c40 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf1feb2010 R13: 00005625be70d994 R14: 0000000000000800 R15: 0000000000000000 For GETFSMAP calls, the caller selects a physical block device by writing its block number into fsmap_head.fmh_keys[01].fmr_device. To query mappings for a subrange of the device, the starting byte of the range is written to fsmap_head.fmh_keys[0].fmr_physical and the last byte of the range goes in fsmap_head.fmh_keys[1].fmr_physical. IOWs, to query what mappings overlap with bytes 3-14 of /dev/sda, you'd set the inputs as follows: fmh_keys[0] = { .fmr_device = major(8, 0), .fmr_physical = 3}, fmh_keys[1] = { .fmr_device = major(8, 0), .fmr_physical = 14}, Which would return you whatever is mapped in the 12 bytes starting at physical offset 3. The crash is due to insufficient range validation of keys[1] in ext4_getfsmap_datadev. On 1k-block filesystems, block 0 is not part of the filesystem, which means that s_first_data_block is nonzero. ext4_get_group_no_and_offset subtracts this quantity from the blocknr argument before cracking it into a group number and a block number within a group. IOWs, block group 0 spans blocks 1-8192 (1-based) instead of 0-8191 (0-based) like what happens with larger blocksizes. The net result of this encoding is that blocknr < s_first_data_block is not a valid input to this function. The end_fsb variable is set from the keys that are copied from userspace, which means that in the above example, its value is zero. That leads to an underflow here: blocknr = blocknr - le32_to_cpu(es->s_first_data_block); The division then operates on -1: offset = do_div(blocknr, EXT4_BLOCKS_PER_GROUP(sb)) >> EXT4_SB(sb)->s_cluster_bits; Leaving an impossibly large group number (2^32-1) in blocknr. ext4_getfsmap_check_keys checked that keys[0 ---truncated---
osv CVSS3.1
5.5
- https://ubuntu.com/security/CVE-2023-53143 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2023-53143 Third Party Advisory
- https://git.kernel.org/linus/c993799baf9c5861f8df91beb80e1611b12efcbd Third Party Advisory
- https://git.kernel.org/stable/c/15ebade3266b300da9cd1edce4004fe8fd6a2b88 Third Party Advisory
- https://git.kernel.org/stable/c/1d2366624b4c19a2ba6baf67fe57f4a1b0f67c05 Third Party Advisory
- https://git.kernel.org/stable/c/a70b49dc7eee5dbe3775a650ce598e3557ff5475 Third Party Advisory
- https://git.kernel.org/stable/c/c24f838493792b5e78a3596b4ca96375aa0af4c2 Third Party Advisory
- https://git.kernel.org/stable/c/c5d7c31e17224d847a330180ec1b03bf390632b2 Third Party Advisory
- https://git.kernel.org/stable/c/c993799baf9c5861f8df91beb80e1611b12efcbd Third Party Advisory
- https://git.kernel.org/stable/c/eb3a695aa71a514f2e7f5778e05faba3733b70a0 Third Party Advisory
- https://git.kernel.org/stable/c/f16054ac1774915160ca4e1c73ff7a269465a1b9 Third Party Advisory
Published: 2 May 2025 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026