CVE-2023-53692
Description
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
Syzbot found the following issue: loop0: detected capacity change from 0 to 2048 EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. ================================================================== BUG: KASAN: use-after-free in ext4_ext_binsearch_idx fs/ext4/extents.c:768 [inline] BUG: KASAN: use-after-free in ext4_find_extent+0x76e/0xd90 fs/ext4/extents.c:931 Read of size 4 at addr ffff888073644750 by task syz-executor420/5067
CPU: 0 PID: 5067 Comm: syz-executor420 Not tainted 6.2.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace:
__dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1b1/0x290 lib/dump_stack.c:106 print_address_description+0x74/0x340 mm/kasan/report.c:306 print_report+0x107/0x1f0 mm/kasan/report.c:417 kasan_report+0xcd/0x100 mm/kasan/report.c:517 ext4_ext_binsearch_idx fs/ext4/extents.c:768 [inline] ext4_find_extent+0x76e/0xd90 fs/ext4/extents.c:931 ext4_clu_mapped+0x117/0x970 fs/ext4/extents.c:5809 ext4_insert_delayed_block fs/ext4/inode.c:1696 [inline] ext4_da_map_blocks fs/ext4/inode.c:1806 [inline] ext4_da_get_block_prep+0x9e8/0x13c0 fs/ext4/inode.c:1870 ext4_block_write_begin+0x6a8/0x2290 fs/ext4/inode.c:1098 ext4_da_write_begin+0x539/0x760 fs/ext4/inode.c:3082 generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772 ext4_buffered_write_iter+0x122/0x3a0 fs/ext4/file.c:285 ext4_file_write_iter+0x1d0/0x18f0 call_write_iter include/linux/fs.h:2186 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x7dc/0xc50 fs/read_write.c:584 ksys_write+0x177/0x2a0 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f4b7a9737b9 RSP: 002b:00007ffc5cac3668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4b7a9737b9 RDX: 00000000175d9003 RSI: 0000000020000200 RDI: 0000000000000004 RBP: 00007f4b7a933050 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000079f R11: 0000000000000246 R12: 00007f4b7a9330e0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Above issue is happens when enable bigalloc and inline data feature. As commit 131294c35ed6 fixed delayed allocation bug in ext4_clu_mapped for bigalloc + inline. But it only resolved issue when has inline data, if inline data has been converted to extent(ext4_da_convert_inline_data_to_extent) before writepages, there is no EXT4_STATE_MAY_INLINE_DATA flag. However i_data is still store inline data in this scene. Then will trigger UAF when find extent. To resolve above issue, there is need to add judge "ext4_has_inline_data(inode)" in ext4_clu_mapped().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in ext4 extent lookup when bigalloc and inline data are enabled, potentially leading to memory corruption or crash.
Vulnerability
CVE-2023-53692 is a use-after-free vulnerability in the Linux kernel's ext4 filesystem, specifically in the ext4_find_extent function when both the bigalloc and inline data features are enabled. The bug manifests as a read of freed memory in ext4_ext_binsearch_idx during extent tree lookup, as reported by syzbot [1]. The root cause is improper handling of extent tree state when inline data is present, leading to a dangling pointer access.
Exploitation
An attacker can trigger this vulnerability by mounting a crafted ext4 filesystem that has both the bigalloc and inline data features enabled, and then performing write operations that cause delayed allocation (e.g., via buffered writes). No special privileges are required beyond the ability to mount and write to such a filesystem. The attack surface is local, requiring access to a malicious filesystem image or the ability to create one.
Impact
Successful exploitation results in a use-after-free read, which can lead to system crash (denial of service) or potentially information disclosure if the freed memory contains sensitive data. The vulnerability is classified as a high-severity issue due to the risk of memory corruption.
Mitigation
The fix has been backported to stable kernel branches and is included in commits such as [1]. Users should update their Linux kernel to a version containing the patch. No workaround is available other than avoiding the use of bigalloc with inline data on untrusted filesystems.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
80ce15000dee0a34f6dcb78c6770b0613637f40566def189c96d440bee17711c87c8df2ca14da044725a3835659598c67Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- git.kernel.org/stable/c/0ce15000dee0ecd6f235f925a327803e2ef489c6nvd
- git.kernel.org/stable/c/11c87c8df2cae1d6be83c07e59fef0792de73482nvd
- git.kernel.org/stable/c/14da044725a3ab10affa3566d29c15737c0e67a4nvd
- git.kernel.org/stable/c/40566def189c513be2c694681256d7486cc6e368nvd
- git.kernel.org/stable/c/770b0613637f59f3091dda1ff0c23671a5326b9cnvd
- git.kernel.org/stable/c/835659598c67907b98cd2aa57bb951dfaf675c69nvd
- git.kernel.org/stable/c/96d440bee177669dc0acedca0abd73bae6a9be8bnvd
- git.kernel.org/stable/c/a34f6dcb78c654ab905642c1b4e7e5fbb4f0babenvd
News mentions
0No linked articles in our index yet.