CVE-2023-53796
f2fs: fix information leak in f2fs_move_inline_dirents()
Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix information leak in f2fs_move_inline_dirents() When converting an inline directory to a regular one, f2fs is leaking uninitialized memory to disk because it doesn't initialize the entire directory block. Fix this by zero-initializing the block. This bug was introduced by commit 4ec17d688d74 ("f2fs: avoid unneeded initializing when converting inline dentry"), which didn't consider the security implications of leaking uninitialized memory to disk. This was found by running xfstest generic/435 on a KMSAN-enabled kernel.
INFO
Published Date :
Dec. 9, 2025, 1:16 a.m.
Last Modified :
Dec. 9, 2025, 6:37 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Apply the kernel patch to zero-initialize directory blocks.
- Ensure all directory blocks are initialized before use.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-53796.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-53796 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-53796
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-53796 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2023-53796 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Dec. 09, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: f2fs: fix information leak in f2fs_move_inline_dirents() When converting an inline directory to a regular one, f2fs is leaking uninitialized memory to disk because it doesn't initialize the entire directory block. Fix this by zero-initializing the block. This bug was introduced by commit 4ec17d688d74 ("f2fs: avoid unneeded initializing when converting inline dentry"), which didn't consider the security implications of leaking uninitialized memory to disk. This was found by running xfstest generic/435 on a KMSAN-enabled kernel. Added Reference https://git.kernel.org/stable/c/00b5587326625d0fddb2a5f5a3d4acd950102ace Added Reference https://git.kernel.org/stable/c/117d4f6687b1f74423b5d398ea95c63b262a8e73 Added Reference https://git.kernel.org/stable/c/2bef8314fcf94ddc27e22d03f237c0fafd00de33 Added Reference https://git.kernel.org/stable/c/4e3b4b170bd43db1d8a93a6bd0ea434b17cc86f7 Added Reference https://git.kernel.org/stable/c/9a5571cff4ffcfc24847df9fd545cc5799ac0ee5 Added Reference https://git.kernel.org/stable/c/a6807ef0f3b3d8508d3b07a2e35de8a91820a014 Added Reference https://git.kernel.org/stable/c/eebaecef0095bb8f493c03982da75c6e7bae1056 Added Reference https://git.kernel.org/stable/c/f07a8d61b6ea81bb3cbe0638af40f8824d6147fd