CVE-2023-53845 in Linuxinfo

Summary

by MITRE • 12/09/2025

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix infinite loop in nilfs_mdt_get_block()

If the disk image that nilfs2 mounts is corrupted and a virtual block address obtained by block lookup for a metadata file is invalid, nilfs_bmap_lookup_at_level() may return the same internal return code as -ENOENT, meaning the block does not exist in the metadata file.

This duplication of return codes confuses nilfs_mdt_get_block(), causing it to read and create a metadata block indefinitely.

In particular, if this happens to the inode metadata file, ifile, semaphore i_rwsem can be left held, causing task hangs in lock_mount.

Fix this issue by making nilfs_bmap_lookup_at_level() treat virtual block address translation failures with -ENOENT as metadata corruption instead of returning the error code.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 03/30/2026

The vulnerability identified as CVE-2023-53845 represents a critical flaw in the Linux kernel's nilfs2 file system implementation that can lead to system instability and potential denial of service conditions. This issue specifically affects the nilfs2 (New Implementation of LogFS) file system which is designed for log-structured file systems and is commonly used in embedded systems and environments where data integrity is paramount. The flaw manifests when processing corrupted disk images where the file system encounters invalid virtual block addresses during metadata file operations.

The technical root cause lies within the interaction between two kernel functions: nilfs_bmap_lookup_at_level() and nilfs_mdt_get_block(). When nilfs2 attempts to locate a metadata block in a corrupted file system, the lookup function can return identical internal error codes for different failure conditions. Specifically, when a virtual block address cannot be translated properly due to corruption, nilfs_bmap_lookup_at_level() returns the same error code as -ENOENT, which indicates that the block does not exist. This duplication creates a problematic scenario where nilfs_mdt_get_block() cannot distinguish between a legitimate non-existent block and a corrupted block address, leading to an infinite loop in the block retrieval process.

The operational impact of this vulnerability extends beyond simple performance degradation to potentially catastrophic system behavior. When the infinite loop occurs during processing of the inode metadata file, also known as the ifile, it can cause the semaphore i_rwsem to remain indefinitely held. This condition creates a deadlock scenario where system tasks become permanently blocked waiting for the mount lock, effectively rendering the file system inaccessible and potentially causing the entire system to hang. The vulnerability is particularly dangerous in embedded systems or server environments where continuous operation is critical, as it can lead to complete system unresponsiveness without any clear indication of the underlying cause.

This vulnerability maps to CWE-835 in the Common Weakness Enumeration framework, specifically addressing the weakness of an infinite loop or infinite recursion in software implementations. The flaw demonstrates poor error handling and code clarity issues where the same return code represents multiple distinct failure conditions, violating fundamental software engineering principles of clear error semantics. From an ATT&CK perspective, this vulnerability could be leveraged in a denial of service attack (T1499.004) by exploiting file system corruption conditions to cause system hangs, or potentially in a privilege escalation scenario if the system can be manipulated to trigger the corrupted state through malicious file system operations. The fix implemented addresses the core issue by reclassifying virtual block address translation failures that result in -ENOENT as metadata corruption rather than legitimate missing block errors, thereby preventing the infinite loop condition and ensuring proper error propagation through the system.

Responsible

Linux

Reservation

12/09/2025

Disclosure

12/09/2025

Moderation

accepted

CPE

ready

EPSS

0.00225

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!