Unrated severityNVD Advisory· Published May 21, 2024· Updated May 4, 2025

ext4: fix racy may inline data check in dio write

CVE-2023-52786

Description

In the Linux kernel, the following vulnerability has been resolved:

syzbot reports that the following warning from ext4_iomap_begin() triggers as of the commit referenced below:

if (WARN_ON_ONCE(ext4_has_inline_data(inode))) return -ERANGE;

This occurs during a dio write, which is never expected to encounter an inode with inline data. To enforce this behavior, ext4_dio_write_iter() checks the current inline state of the inode and clears the MAY_INLINE_DATA state flag to either fall back to buffered writes, or enforce that any other writers in progress on the inode are not allowed to create inline data.

The problem is that the check for existing inline data and the state flag can span a lock cycle. For example, if the ilock is originally locked shared and subsequently upgraded to exclusive, another writer may have reacquired the lock and created inline data before the dio write task acquires the lock and proceeds.

The commit referenced below loosens the lock requirements to allow some forms of unaligned dio writes to occur under shared lock, but AFAICT the inline data check was technically already racy for any dio write that would have involved a lock cycle. Regardless, lift clearing of the state bit to the same lock critical section that checks for preexisting inline data on the inode to close the race.

Affected products

osv-coords47 versions
pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_2&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
< 6.4.0-150600.23.14.1+ 46 more
- (no CPE)range: < 6.4.0-150600.23.14.1
- (no CPE)range: < 6.4.0-150600.23.14.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.23.14.2.150600.12.4.3
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-150600.8.8.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.23.14.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 6.4.0-150600.23.14.2.150600.12.4.3
- (no CPE)range: < 6.4.0-17.1.1.51
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 1-150600.1.5.1
- (no CPE)range: < 1-150600.13.3.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-9.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 6.4.0-9.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-150600.8.8.1
- (no CPE)range: < 6.4.0-150600.23.14.2
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-150600.23.14.2
Linux/Linuxcpe-rescue
Range: 6.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000