1. Home
  2. Vulnerabilities
  3. CVE-2023-53845
0.0
NA
CVE-2023-53845
nilfs2: fix infinite loop in nilfs_mdt_get_block()
Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfs_mdt_get_block() If the disk image that nilfs2 mounts is corrupted and a virtual block address obtained by block lookup for a metadata file is invalid, nilfs_bmap_lookup_at_level() may return the same internal return code as -ENOENT, meaning the block does not exist in the metadata file. This duplication of return codes confuses nilfs_mdt_get_block(), causing it to read and create a metadata block indefinitely. In particular, if this happens to the inode metadata file, ifile, semaphore i_rwsem can be left held, causing task hangs in lock_mount. Fix this issue by making nilfs_bmap_lookup_at_level() treat virtual block address translation failures with -ENOENT as metadata corruption instead of returning the error code.

INFO

Published Date :

Dec. 9, 2025, 4:17 p.m.

Last Modified :

Dec. 9, 2025, 6:37 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2023-53845 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
Solution
Address metadata corruption to prevent infinite loops and task hangs.
  • Apply the fix for nilfs_mdt_get_block() in the Linux kernel.
  • Treat block address translation failures as metadata corruption.
  • Update the kernel to the latest patched version.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-53845.

URL Resource
https://git.kernel.org/stable/c/25457d07c8146e57d28906c663def033dc425af6
https://git.kernel.org/stable/c/34c5f17222b50c79848bb03ec8811648813e6a45
https://git.kernel.org/stable/c/5b29661669cb65b9750a3cf70ed3eaf947b92167
https://git.kernel.org/stable/c/8a89d36a07afe1ed4564df51fefa2bb556c85412
https://git.kernel.org/stable/c/8d07d9119642ba43d21f8ba64d51d01931096b20
https://git.kernel.org/stable/c/a6a491c048882e7e424d407d32cba0b52d9ef2bf
https://git.kernel.org/stable/c/cfb0bb4fbd40c1f06da7e9f88c0a2d46155b90c2
https://git.kernel.org/stable/c/d536f9976bb04e9c84cf80045a9355975e418f41
https://git.kernel.org/stable/c/fe1cbbcb1a2532ee1654e1ff121be8906d83c6f0
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-53845 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-53845 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-53845 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2023-53845 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 09, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfs_mdt_get_block() If the disk image that nilfs2 mounts is corrupted and a virtual block address obtained by block lookup for a metadata file is invalid, nilfs_bmap_lookup_at_level() may return the same internal return code as -ENOENT, meaning the block does not exist in the metadata file. This duplication of return codes confuses nilfs_mdt_get_block(), causing it to read and create a metadata block indefinitely. In particular, if this happens to the inode metadata file, ifile, semaphore i_rwsem can be left held, causing task hangs in lock_mount. Fix this issue by making nilfs_bmap_lookup_at_level() treat virtual block address translation failures with -ENOENT as metadata corruption instead of returning the error code.
    Added Reference https://git.kernel.org/stable/c/25457d07c8146e57d28906c663def033dc425af6
    Added Reference https://git.kernel.org/stable/c/34c5f17222b50c79848bb03ec8811648813e6a45
    Added Reference https://git.kernel.org/stable/c/5b29661669cb65b9750a3cf70ed3eaf947b92167
    Added Reference https://git.kernel.org/stable/c/8a89d36a07afe1ed4564df51fefa2bb556c85412
    Added Reference https://git.kernel.org/stable/c/8d07d9119642ba43d21f8ba64d51d01931096b20
    Added Reference https://git.kernel.org/stable/c/a6a491c048882e7e424d407d32cba0b52d9ef2bf
    Added Reference https://git.kernel.org/stable/c/cfb0bb4fbd40c1f06da7e9f88c0a2d46155b90c2
    Added Reference https://git.kernel.org/stable/c/d536f9976bb04e9c84cf80045a9355975e418f41
    Added Reference https://git.kernel.org/stable/c/fe1cbbcb1a2532ee1654e1ff121be8906d83c6f0
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.