{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53608","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-10-04T15:40:38.480Z","datePublished":"2025-10-04T15:44:17.302Z","dateUpdated":"2026-05-11T19:48:27.011Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:48:27.011Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()\n\nThe finalization of nilfs_segctor_thread() can race with\nnilfs_segctor_kill_thread() which terminates that thread, potentially\ncausing a use-after-free BUG as KASAN detected.\n\nAt the end of nilfs_segctor_thread(), it assigns NULL to \"sc_task\" member\nof \"struct nilfs_sc_info\" to indicate the thread has finished, and then\nnotifies nilfs_segctor_kill_thread() of this using waitqueue\n\"sc_wait_task\" on the struct nilfs_sc_info.\n\nHowever, here, immediately after the NULL assignment to \"sc_task\", it is\npossible that nilfs_segctor_kill_thread() will detect it and return to\ncontinue the deallocation, freeing the nilfs_sc_info structure before the\nthread does the notification.\n\nThis fixes the issue by protecting the NULL assignment to \"sc_task\" and\nits notification, with spinlock \"sc_state_lock\" of the struct\nnilfs_sc_info.  Since nilfs_segctor_kill_thread() does a final check to\nsee if \"sc_task\" is NULL with \"sc_state_lock\" locked, this can eliminate\nthe race."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/nilfs2/segment.c"],"versions":[{"version":"9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453","lessThan":"034cce77d52ba013ce62b4f5258c29907eb1ada5","status":"affected","versionType":"git"},{"version":"9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453","lessThan":"0dbf0e64b91ee8fcb278aea93eb06fc7d56ecbcc","status":"affected","versionType":"git"},{"version":"9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453","lessThan":"613bf23c070d11c525268f2945aa594704a9b764","status":"affected","versionType":"git"},{"version":"9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453","lessThan":"f32297dba338dc06d62286dedb3cdbd5175b1719","status":"affected","versionType":"git"},{"version":"9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453","lessThan":"92684e02654c91a61a0b0561433b710bcece19fe","status":"affected","versionType":"git"},{"version":"9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453","lessThan":"bae009a2f1b7c2011d2e92d8c84868d315c0b97e","status":"affected","versionType":"git"},{"version":"9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453","lessThan":"b4d80bd6370b81a1725b6b8f7894802c23a14e9f","status":"affected","versionType":"git"},{"version":"9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453","lessThan":"6be49d100c22ffea3287a4b19d7639d259888e33","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/nilfs2/segment.c"],"versions":[{"version":"2.6.30","status":"affected"},{"version":"0","lessThan":"2.6.30","status":"unaffected","versionType":"semver"},{"version":"4.14.313","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.281","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.241","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.178","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.107","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.24","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.11","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"4.14.313"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"4.19.281"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"5.4.241"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"5.10.178"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"5.15.107"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"6.1.24"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"6.2.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.30","versionEndExcluding":"6.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/034cce77d52ba013ce62b4f5258c29907eb1ada5"},{"url":"https://git.kernel.org/stable/c/0dbf0e64b91ee8fcb278aea93eb06fc7d56ecbcc"},{"url":"https://git.kernel.org/stable/c/613bf23c070d11c525268f2945aa594704a9b764"},{"url":"https://git.kernel.org/stable/c/f32297dba338dc06d62286dedb3cdbd5175b1719"},{"url":"https://git.kernel.org/stable/c/92684e02654c91a61a0b0561433b710bcece19fe"},{"url":"https://git.kernel.org/stable/c/bae009a2f1b7c2011d2e92d8c84868d315c0b97e"},{"url":"https://git.kernel.org/stable/c/b4d80bd6370b81a1725b6b8f7894802c23a14e9f"},{"url":"https://git.kernel.org/stable/c/6be49d100c22ffea3287a4b19d7639d259888e33"}],"title":"nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()","x_generator":{"engine":"bippy-1.2.0"}}}}