{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53777","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-08T23:58:35.271Z","datePublished":"2025-12-09T00:00:32.947Z","dateUpdated":"2026-05-11T19:51:20.826Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:51:20.826Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: kill hooked chains to avoid loops on deduplicated compressed images\n\nAfter heavily stressing EROFS with several images which include a\nhand-crafted image of repeated patterns for more than 46 days, I found\ntwo chains could be linked with each other almost simultaneously and\nform a loop so that the entire loop won't be submitted.  As a\nconsequence, the corresponding file pages will remain locked forever.\n\nIt can be _only_ observed on data-deduplicated compressed images.\nFor example, consider two chains with five pclusters in total:\n\tChain 1:  2->3->4->5    -- The tail pcluster is 5;\n        Chain 2:  5->1->2       -- The tail pcluster is 2.\n\nChain 2 could link to Chain 1 with pcluster 5; and Chain 1 could link\nto Chain 2 at the same time with pcluster 2.\n\nSince hooked chains are all linked locklessly now, I have no idea how\nto simply avoid the race.  Instead, let's avoid hooked chains completely\nuntil I could work out a proper way to fix this and end users finally\ntell us that it's needed to add it back.\n\nActually, this optimization can be found with multi-threaded workloads\n(especially even more often on deduplicated compressed images), yet I'm\nnot sure about the overall system impacts of not having this compared\nwith implementation complexity."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/erofs/zdata.c"],"versions":[{"version":"267f2492c8f71dac44399988b510f9bf6b074a51","lessThan":"d3b39ea24835ac03da1a30f93ae7c05d55a40191","status":"affected","versionType":"git"},{"version":"267f2492c8f71dac44399988b510f9bf6b074a51","lessThan":"b5b0d52f00e4bacb0ebdf47cd7016b0485fffad2","status":"affected","versionType":"git"},{"version":"267f2492c8f71dac44399988b510f9bf6b074a51","lessThan":"10c2b98a40d9044a3e97f4697ca6213bad7e19c2","status":"affected","versionType":"git"},{"version":"267f2492c8f71dac44399988b510f9bf6b074a51","lessThan":"967c28b23f6c89bb8eef6a046ea88afe0d7c1029","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/erofs/zdata.c"],"versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","status":"unaffected","versionType":"semver"},{"version":"6.1.39","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.3.13","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4.4","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.39"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.3.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.4.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d3b39ea24835ac03da1a30f93ae7c05d55a40191"},{"url":"https://git.kernel.org/stable/c/b5b0d52f00e4bacb0ebdf47cd7016b0485fffad2"},{"url":"https://git.kernel.org/stable/c/10c2b98a40d9044a3e97f4697ca6213bad7e19c2"},{"url":"https://git.kernel.org/stable/c/967c28b23f6c89bb8eef6a046ea88afe0d7c1029"}],"title":"erofs: kill hooked chains to avoid loops on deduplicated compressed images","x_generator":{"engine":"bippy-1.2.0"}}}}