CVE-2023-53695
Description
In the Linux kernel, the following vulnerability has been resolved:
udf: Detect system inodes linked into directory hierarchy
When UDF filesystem is corrupted, hidden system inodes can be linked into directory hierarchy which is an avenue for further serious corruption of the filesystem and kernel confusion as noticed by syzbot fuzzed images. Refuse to access system inodes linked into directory hierarchy and vice versa.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A flaw in the Linux kernel's UDF filesystem allows corrupted images to link hidden system inodes into the directory tree, enabling filesystem corruption and kernel confusion.
Vulnerability Details
CVE-2023-53695 is a security flaw in the Linux kernel's UDF (Universal Disk Format) filesystem implementation. When a corrupted UDF image is mounted, hidden system inodes can be improperly linked into the directory hierarchy. This violates the filesystem's internal structure and can lead to further serious corruption of the filesystem and kernel confusion, as observed with syzbot-fuzzed images [1].
Exploitation
Exploitation requires an attacker to present a maliciously crafted UDF filesystem image to the kernel, typically by mounting it. No special privileges beyond the ability to mount a filesystem are needed; the attack can be triggered by a local user or via removable media. The kernel does not properly validate that system inodes are not exposed in the directory tree, allowing the attacker to cause the kernel to access these hidden inodes through normal directory operations.
Impact
An attacker can cause the kernel to operate on system inodes as if they were regular files or directories, leading to memory corruption, kernel panics, or potential privilege escalation. The vulnerability was discovered through syzbot fuzzing, indicating it can be reliably triggered.
Mitigation
The fix, committed to the Linux kernel stable branches, adds checks to refuse access to system inodes linked into the directory hierarchy and vice versa [1][2][3]. Users should update their kernel to a version containing the patch. No workaround is available other than avoiding mounting untrusted UDF images.
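A simplified user-space model of the two-way check described above, added here as an illustration; it is not the kernel patch or code from this page, and `model_iget`, `model_inode` and `MODEL_ECORRUPT` are hypothetical names. It assumes each inode's role (system or directory-visible) is recorded on first load and that any later lookup in the other role is refused.

```c
/* Simplified user-space model (an assumption), not the kernel's UDF code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define MODEL_ECORRUPT 117 /* stand-in for a "filesystem corrupted" error code */
#define MAX_INODES 8

struct model_inode { unsigned block; bool hidden; bool in_use; };
static struct model_inode cache[MAX_INODES]; /* zero-initialised: all slots free */

/* Look up the inode at `block`. `want_hidden` states the caller's role:
 * true for internal system-inode loads, false for directory-tree lookups.
 * The role is recorded on first load; a later lookup in the other role
 * is treated as on-disk corruption and refused. */
int model_iget(unsigned block, bool want_hidden, struct model_inode **out)
{
    struct model_inode *slot = NULL;
    for (int i = 0; i < MAX_INODES; i++) {
        if (cache[i].in_use && cache[i].block == block) {
            if (cache[i].hidden != want_hidden)
                return -MODEL_ECORRUPT; /* role mismatch: refuse access */
            *out = &cache[i];
            return 0;
        }
        if (!cache[i].in_use && !slot)
            slot = &cache[i];
    }
    if (!slot)
        return -ENOMEM;
    *slot = (struct model_inode){ .block = block, .hidden = want_hidden, .in_use = true };
    *out = slot;
    return 0;
}

int main(void)
{
    struct model_inode *ino;
    /* Constructed scenario: block 100 is a system inode loaded at mount. */
    printf("system load of 100:      %d\n", model_iget(100, true, &ino));
    /* A corrupted directory entry also points at block 100. */
    printf("directory lookup of 100: %d\n", model_iget(100, false, &ino));
    /* Vice versa: block 200 is a regular file, later claimed as a system inode. */
    printf("directory lookup of 200: %d\n", model_iget(200, false, &ino));
    printf("system load of 200:      %d\n", model_iget(200, true, &ino));
    return 0;
}
```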
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 7 (1dc71eeb198a, d747b31e2925, a44ec34b9044, 37e74003d81e, 1f328751b65c, 9e3b5ef7d02e, 85a37983ec69)
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 7
- git.kernel.org/stable/c/1dc71eeb198a8daa17d0c995998a53b0b749a158 (nvd)
- git.kernel.org/stable/c/1f328751b65c49c13a312d67a3bf27766b85baf7 (nvd)
- git.kernel.org/stable/c/37e74003d81e79457535cbbdfa1603431c03fac0 (nvd)
- git.kernel.org/stable/c/85a37983ec69cc9fcd188bc37c4de15ee326355a (nvd)
- git.kernel.org/stable/c/9e3b5ef7d02eaa6553e79b4af9bd99227280f245 (nvd)
- git.kernel.org/stable/c/a44ec34b90440ada190924f5908b97026504fdcd (nvd)
- git.kernel.org/stable/c/d747b31e2925a2f384e7dd1901a2e5bc5f984ed8 (nvd)