CVE-2023-53820
loop: loop_set_status_from_info() check before assignment
Description
In the Linux kernel, the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment In loop_set_status_from_info(), lo->lo_offset and lo->lo_sizelimit should be checked before reassignment, because if an overflow error occurs, the original correct value will be changed to the wrong value, and it will not be changed back. More, the original patch did not solve the problem, the value was set and ioctl returned an error, but the subsequent io used the value in the loop driver, which still caused an alarm: loop_handle_cmd do_req_filebacked loff_t pos = ((loff_t) blk_rq_pos(rq) << 9) + lo->lo_offset; lo_rw_aio cmd->iocb.ki_pos = pos
INFO
Published Date :
Dec. 9, 2025, 1:24 a.m.
Last Modified :
Dec. 9, 2025, 1:24 a.m.
Remotely Exploit :
No
Source :
Linux
Affected Products
The following products are affected by CVE-2023-53820
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Apply relevant kernel patches.
- Validate offset and limit values.
- Test for correct ioctl error handling.
- Ensure subsequent io uses validated values.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-53820 vulnerability anywhere in the article.