CVE-2023-53262 in Linux
Summary
by MITRE • 09/15/2025
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix scheduling while atomic in decompression path
[ 16.945668][ C0] Call trace:
[ 16.945678][ C0] dump_backtrace+0x110/0x204
[ 16.945706][ C0] dump_stack_lvl+0x84/0xbc
[ 16.945735][ C0] __schedule_bug+0xb8/0x1ac
[ 16.945756][ C0] __schedule+0x724/0xbdc
[ 16.945778][ C0] schedule+0x154/0x258
[ 16.945793][ C0] bit_wait_io+0x48/0xa4
[ 16.945808][ C0] out_of_line_wait_on_bit+0x114/0x198
[ 16.945824][ C0] __sync_dirty_buffer+0x1f8/0x2e8
[ 16.945853][ C0] __f2fs_commit_super+0x140/0x1f4
[ 16.945881][ C0] f2fs_commit_super+0x110/0x28c
[ 16.945898][ C0] f2fs_handle_error+0x1f4/0x2f4
[ 16.945917][ C0] f2fs_decompress_cluster+0xc4/0x450
[ 16.945942][ C0] f2fs_end_read_compressed_page+0xc0/0xfc
[ 16.945959][ C0] f2fs_handle_step_decompress+0x118/0x1cc
[ 16.945978][ C0] f2fs_read_end_io+0x168/0x2b0
[ 16.945993][ C0] bio_endio+0x25c/0x2c8
[ 16.946015][ C0] dm_io_dec_pending+0x3e8/0x57c
[ 16.946052][ C0] clone_endio+0x134/0x254
[ 16.946069][ C0] bio_endio+0x25c/0x2c8
[ 16.946084][ C0] blk_update_request+0x1d4/0x478
[ 16.946103][ C0] scsi_end_request+0x38/0x4cc
[ 16.946129][ C0] scsi_io_completion+0x94/0x184
[ 16.946147][ C0] scsi_finish_command+0xe8/0x154
[ 16.946164][ C0] scsi_complete+0x90/0x1d8
[ 16.946181][ C0] blk_done_softirq+0xa4/0x11c
[ 16.946198][ C0] _stext+0x184/0x614
[ 16.946214][ C0] __irq_exit_rcu+0x78/0x144
[ 16.946234][ C0] handle_domain_irq+0xd4/0x154
[ 16.946260][ C0] gic_handle_irq.33881+0x5c/0x27c
[ 16.946281][ C0] call_on_irq_stack+0x40/0x70
[ 16.946298][ C0] do_interrupt_handler+0x48/0xa4
[ 16.946313][ C0] el1_interrupt+0x38/0x68
[ 16.946346][ C0] el1h_64_irq_handler+0x20/0x30
[ 16.946362][ C0] el1h_64_irq+0x78/0x7c
[ 16.946377][ C0] finish_task_switch+0xc8/0x3d8
[ 16.946394][ C0] __schedule+0x600/0xbdc
[ 16.946408][ C0] preempt_schedule_common+0x34/0x5c
[ 16.946423][ C0] preempt_schedule+0x44/0x48
[ 16.946438][ C0] process_one_work+0x30c/0x550
[ 16.946456][ C0] worker_thread+0x414/0x8bc
[ 16.946472][ C0] kthread+0x16c/0x1e0
[ 16.946486][ C0] ret_from_fork+0x10/0x20
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 01/11/2026
The vulnerability identified as CVE-2023-53262 affects the Linux kernel's f2fs file system implementation and stems from a critical scheduling issue during decompression operations. This flaw manifests when the kernel attempts to schedule operations while in an atomic context, which violates fundamental kernel safety principles and can lead to unpredictable system behavior or crashes. The issue occurs specifically within the decompression path of the f2fs file system, where compressed data clusters are processed during read operations. When the kernel encounters a scenario requiring decompression, it enters a state where scheduling operations are not permitted, yet the code path attempts to perform scheduling activities, resulting in kernel panic or system instability.
The technical root cause of this vulnerability lies in the improper handling of atomic contexts during decompression operations. The call trace demonstrates that the issue originates from f2fs_decompress_cluster function, which is invoked during the f2fs_end_read_compressed_page processing path. The system attempts to call schedule() from within an atomic context, triggering a kernel bug detection mechanism that ultimately results in a system crash. This pattern aligns with CWE-367, which addresses Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities and improper handling of atomic contexts in kernel code. The vulnerability is particularly concerning because it occurs during routine file system operations, making it exploitable under normal system usage conditions.
The operational impact of this vulnerability extends beyond simple system crashes, as it can lead to complete system hangs or data corruption scenarios. When a system attempts to read compressed files from an f2fs file system, particularly under high I/O loads or during error recovery operations, the kernel may become unstable and terminate. This can result in denial of service conditions for applications relying on f2fs file systems, potentially affecting critical system functions or user data access. The vulnerability is particularly dangerous in embedded systems or environments where system stability is paramount, as it can cause unexpected reboots or system failures during routine file operations. The attack surface includes any system running Linux kernels with f2fs file system support, particularly those using compressed file systems or virtualized environments that rely on f2fs for storage management.
Mitigation strategies for this vulnerability involve updating to patched kernel versions that resolve the atomic scheduling issue within the f2fs decompression path. System administrators should prioritize applying kernel updates that include the fix for CVE-2023-53262, as this vulnerability can be exploited to cause system instability without requiring special privileges. Organizations should also implement monitoring for system crashes or unexpected reboots that could indicate exploitation of this vulnerability. The fix typically involves ensuring that scheduling operations are properly deferred or avoided when entering atomic contexts during decompression, preventing the kernel from attempting to schedule while already in a critical atomic section. Additionally, system administrators may consider temporarily disabling compression features on f2fs file systems until patches are applied, though this approach may impact performance and storage efficiency. This vulnerability is categorized under ATT&CK technique T1490, which involves data destruction or corruption through kernel-level modifications, highlighting the need for robust kernel security practices and timely patch management.