{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53323","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-16T16:08:59.563Z","datePublished":"2025-09-16T16:11:58.877Z","dateUpdated":"2026-05-11T19:42:43.589Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:42:43.589Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next2/dax: Fix ext2_setsize when len is page aligned\n\nPAGE_ALIGN(x) macro gives the next highest value which is multiple of\npagesize. But if x is already page aligned then it simply returns x.\nSo, if x passed is 0 in dax_zero_range() function, that means the\nlength gets passed as 0 to ->iomap_begin().\n\nIn ext2 it then calls ext2_get_blocks -> max_blocks as 0 and hits bug_on\nhere in ext2_get_blocks().\n\tBUG_ON(maxblocks == 0);\n\nInstead we should be calling dax_truncate_page() here which takes\ncare of it. i.e. it only calls dax_zero_range if the offset is not\npage/block aligned.\n\nThis can be easily triggered with following on fsdax mounted pmem\ndevice.\n\ndd if=/dev/zero of=file count=1 bs=512\ntruncate -s 0 file\n\n[79.525838] EXT2-fs (pmem0): DAX enabled. Warning: EXPERIMENTAL, use at your own risk\n[79.529376] ext2 filesystem being mounted at /mnt1/test supports timestamps until 2038 (0x7fffffff)\n[93.793207] ------------[ cut here ]------------\n[93.795102] kernel BUG at fs/ext2/inode.c:637!\n[93.796904] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[93.798659] CPU: 0 PID: 1192 Comm: truncate Not tainted 6.3.0-rc2-xfstests-00056-g131086faa369 #139\n[93.806459] RIP: 0010:ext2_get_blocks.constprop.0+0x524/0x610\n<...>\n[93.835298] Call Trace:\n[93.836253]  <TASK>\n[93.837103]  ? lock_acquire+0xf8/0x110\n[93.838479]  ? d_lookup+0x69/0xd0\n[93.839779]  ext2_iomap_begin+0xa7/0x1c0\n[93.841154]  iomap_iter+0xc7/0x150\n[93.842425]  dax_zero_range+0x6e/0xa0\n[93.843813]  ext2_setsize+0x176/0x1b0\n[93.845164]  ext2_setattr+0x151/0x200\n[93.846467]  notify_change+0x341/0x4e0\n[93.847805]  ? lock_acquire+0xf8/0x110\n[93.849143]  ? do_truncate+0x74/0xe0\n[93.850452]  ? do_truncate+0x84/0xe0\n[93.851739]  do_truncate+0x84/0xe0\n[93.852974]  do_sys_ftruncate+0x2b4/0x2f0\n[93.854404]  do_syscall_64+0x3f/0x90\n[93.855789]  entry_SYSCALL_64_after_hwframe+0x72/0xdc"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext2/inode.c"],"versions":[{"version":"2aa3048e03d38d5358be2553d4b638c1a018498c","lessThan":"9e54fd14bd143c261e52fde74355e85e9526c58c","status":"affected","versionType":"git"},{"version":"2aa3048e03d38d5358be2553d4b638c1a018498c","lessThan":"5cee8bfb8cbd99c97aff85d2bf066b6a496e13ab","status":"affected","versionType":"git"},{"version":"2aa3048e03d38d5358be2553d4b638c1a018498c","lessThan":"fcced95b6ba2a507a83b8b3e0358a8ac16b13e35","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext2/inode.c"],"versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","status":"unaffected","versionType":"semver"},{"version":"6.1.40","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.4.5","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.1.40"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.4.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9e54fd14bd143c261e52fde74355e85e9526c58c"},{"url":"https://git.kernel.org/stable/c/5cee8bfb8cbd99c97aff85d2bf066b6a496e13ab"},{"url":"https://git.kernel.org/stable/c/fcced95b6ba2a507a83b8b3e0358a8ac16b13e35"}],"title":"ext2/dax: Fix ext2_setsize when len is page aligned","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-53323","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-01-14T18:28:00.441739Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-617","description":"CWE-617 Reachable Assertion"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T18:32:58.758Z"}}]}}