{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-52900","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-08-21T06:07:11.014Z","datePublished":"2024-08-21T06:10:40.533Z","dateUpdated":"2026-01-05T10:17:54.013Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-01-05T10:17:54.013Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix general protection fault in nilfs_btree_insert()\n\nIf nilfs2 reads a corrupted disk image and tries to reads a b-tree node\nblock by calling __nilfs_btree_get_block() against an invalid virtual\nblock address, it returns -ENOENT because conversion of the virtual block\naddress to a disk block address fails.  However, this return value is the\nsame as the internal code that b-tree lookup routines return to indicate\nthat the block being searched does not exist, so functions that operate on\nthat b-tree may misbehave.\n\nWhen nilfs_btree_insert() receives this spurious 'not found' code from\nnilfs_btree_do_lookup(), it misunderstands that the 'not found' check was\nsuccessful and continues the insert operation using incomplete lookup path\ndata, causing the following crash:\n\n general protection fault, probably for non-canonical address\n 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n ...\n RIP: 0010:nilfs_btree_get_nonroot_node fs/nilfs2/btree.c:418 [inline]\n RIP: 0010:nilfs_btree_prepare_insert fs/nilfs2/btree.c:1077 [inline]\n RIP: 0010:nilfs_btree_insert+0x6d3/0x1c10 fs/nilfs2/btree.c:1238\n Code: bc 24 80 00 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89\n ff e8 4b 02 92 fe 4d 8b 3f 49 83 c7 28 4c 89 f8 48 c1 e8 03 <42> 80 3c\n 28 00 74 08 4c 89 ff e8 2e 02 92 fe 4d 8b 3f 49 83 c7 02\n ...\n Call Trace:\n <TASK>\n  nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline]\n  nilfs_bmap_insert+0x20d/0x360 fs/nilfs2/bmap.c:147\n  nilfs_get_block+0x414/0x8d0 fs/nilfs2/inode.c:101\n  __block_write_begin_int+0x54c/0x1a80 fs/buffer.c:1991\n  __block_write_begin fs/buffer.c:2041 [inline]\n  block_write_begin+0x93/0x1e0 fs/buffer.c:2102\n  nilfs_write_begin+0x9c/0x110 fs/nilfs2/inode.c:261\n  generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772\n  __generic_file_write_iter+0x176/0x400 mm/filemap.c:3900\n  generic_file_write_iter+0xab/0x310 mm/filemap.c:3932\n  call_write_iter include/linux/fs.h:2186 [inline]\n  new_sync_write fs/read_write.c:491 [inline]\n  vfs_write+0x7dc/0xc50 fs/read_write.c:584\n  ksys_write+0x177/0x2a0 fs/read_write.c:637\n  do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n  do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n ...\n </TASK>\n\nThis patch fixes the root cause of this problem by replacing the error\ncode that __nilfs_btree_get_block() returns on block address conversion\nfailure from -ENOENT to another internal code -EINVAL which means that the\nb-tree metadata is corrupted.\n\nBy returning -EINVAL, it propagates without glitches, and for all relevant\nb-tree operations, functions in the upper bmap layer output an error\nmessage indicating corrupted b-tree metadata via\nnilfs_bmap_convert_error(), and code -EIO will be eventually returned as\nit should be."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/nilfs2/btree.c"],"versions":[{"version":"a60be987d45dd510aeb54389526f9957cfab106c","lessThan":"3c2a2ff67d46106715c2132021b98bd057c27545","status":"affected","versionType":"git"},{"version":"a60be987d45dd510aeb54389526f9957cfab106c","lessThan":"d9fde9eab1766170ff2ade67d09178d2cfd78749","status":"affected","versionType":"git"},{"version":"a60be987d45dd510aeb54389526f9957cfab106c","lessThan":"b0ba060d3287108eba17603bee3810e4cf2c272d","status":"affected","versionType":"git"},{"version":"a60be987d45dd510aeb54389526f9957cfab106c","lessThan":"712bd74eccb9d3626a0a236641962eca8e11a243","status":"affected","versionType":"git"},{"version":"a60be987d45dd510aeb54389526f9957cfab106c","lessThan":"45627a1a6450662e1e0f8174ef07b05710a20062","status":"affected","versionType":"git"},{"version":"a60be987d45dd510aeb54389526f9957cfab106c","lessThan":"0bf463939c09e5b2c35c71ed74a5fd60a74d6a04","status":"affected","versionType":"git"},{"version":"a60be987d45dd510aeb54389526f9957cfab106c","lessThan":"7633355e5c7f29c049a9048e461427d1d8ed3051","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/nilfs2/btree.c"],"versions":[{"version":"2.6.30","status":"affected"},{"version":"0","lessThan":"2.6.30","status":"unaffected","versionType":"semver"},{"version":"4.14.304","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.271","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.230","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.165","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.90","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.8","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"4.14.304"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"4.19.271"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"5.4.230"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"5.10.165"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"5.15.90"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"6.1.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3c2a2ff67d46106715c2132021b98bd057c27545"},{"url":"https://git.kernel.org/stable/c/d9fde9eab1766170ff2ade67d09178d2cfd78749"},{"url":"https://git.kernel.org/stable/c/b0ba060d3287108eba17603bee3810e4cf2c272d"},{"url":"https://git.kernel.org/stable/c/712bd74eccb9d3626a0a236641962eca8e11a243"},{"url":"https://git.kernel.org/stable/c/45627a1a6450662e1e0f8174ef07b05710a20062"},{"url":"https://git.kernel.org/stable/c/0bf463939c09e5b2c35c71ed74a5fd60a74d6a04"},{"url":"https://git.kernel.org/stable/c/7633355e5c7f29c049a9048e461427d1d8ed3051"}],"title":"nilfs2: fix general protection fault in nilfs_btree_insert()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-52900","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:03:31.052227Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-12T17:33:15.051Z"}}]}}