CVE-2023-53804
Description
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
During the unmount process of nilfs2, nothing holds the nilfs_root structure after nilfs2 detaches its writer in nilfs_detach_log_writer(). However, since nilfs_evict_inode() uses nilfs_root for some cleanup operations, it may cause a use-after-free read if inodes are left in "garbage_list" and released by nilfs_dispose_list() at the end of nilfs_detach_log_writer().
Fix this issue by modifying nilfs_evict_inode() to only clear the inode, without additional metadata changes that use nilfs_root, if the file system is degraded to read-only or the writer is detached.
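The ordering and the guard described above can be seen in a small userspace model. This is an added illustration, not the kernel patch or nilfs2 code; every `model_*` name is hypothetical, and freeing the root at detach is a simplification of "nothing holds nilfs_root" after that point.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Userspace model only; every name here is hypothetical, not a kernel identifier. */
struct model_root { int inodes_count; };   /* stands in for nilfs_root */
/* read_only: degraded file system; writer_attached: false once detached */
struct model_fs { bool read_only, writer_attached; struct model_root *root; };
struct model_inode { struct model_fs *fs; bool cleared; struct model_inode *next; };
struct model_result { int live_count, root_touches, cleared; };

/* Returns 1 if root-dependent cleanup ran, 0 if the inode was only cleared. */
static int model_evict_inode(struct model_inode *ino)
{
    struct model_fs *fs = ino->fs;
    ino->cleared = true;                   /* touches the inode only: always safe */
    if (fs->read_only || !fs->writer_attached)
        return 0;                          /* guard: root may already be freed */
    fs->root->inodes_count--;              /* metadata change that needs root */
    return 1;
}

/* Detach: drop root, then dispose of whatever is still on the garbage list. */
static int model_detach_writer(struct model_fs *fs, struct model_inode *garbage)
{
    int touches = 0;
    fs->writer_attached = false;
    free(fs->root);
    fs->root = NULL;                       /* a stale use would fault immediately */
    for (struct model_inode *i = garbage; i; i = i->next)
        touches += model_evict_inode(i);
    return touches;
}

/* Constructed scenario: one eviction while mounted, two inodes left as garbage. */
static struct model_result model_scenario(void)
{
    struct model_root *root = malloc(sizeof(*root));
    struct model_fs fs = { false, true, root };
    struct model_inode live = { &fs, false, NULL };
    struct model_inode g2 = { &fs, false, NULL }, g1 = { &fs, false, &g2 };
    struct model_result r = { -1, -1, -1 };
    if (!root)
        return r;                          /* allocation failed: nothing to model */
    root->inodes_count = 3;
    model_evict_inode(&live);              /* writer attached: full cleanup runs */
    r.live_count = root->inodes_count;
    r.root_touches = model_detach_writer(&fs, &g1);
    r.cleared = live.cleared + g1.cleared + g2.cleared;
    return r;
}
int main(void) { return model_scenario().root_touches; }
```

Without the guard in `model_evict_inode()`, the two garbage-list evictions would dereference the released root; with it, they only clear the inode, and the exit status of the program is the number of late root accesses.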
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A use-after-free vulnerability in nilfs2's evict_inode allows local attackers to cause a kernel crash or potentially execute code during unmount when inodes are left in garbage_list.
Vulnerability Details
In the Linux kernel's nilfs2 filesystem, a use-after-free bug exists in nilfs_evict_inode(). During unmount, nilfs_detach_log_writer() frees the nilfs_root structure, but if inodes remain on the "garbage_list", nilfs_evict_inode() may still access the freed nilfs_root for cleanup, leading to a use-after-free read.
Exploitation
An attacker with local access and the ability to mount a nilfs2 filesystem could trigger this condition by leaving inodes in the garbage list during unmount. No special privileges beyond normal user access are required if the attacker can mount and unmount filesystems. The race condition occurs during the unmount process.
Impact
Successful exploitation could cause a kernel crash (denial of service) or potentially allow arbitrary code execution in kernel context, depending on memory state. The use-after-free can corrupt kernel memory.
Mitigation
The fix, included in kernel stable updates [1][2][3][4], modifies nilfs_evict_inode() to skip metadata operations that use nilfs_root when the filesystem is read-only or the writer is detached. Users should apply the latest kernel updates to mitigate this vulnerability.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (8)
f31e18131ee2, 2a782ea8ebd7, 116d53f09ff5, 6b4205ea9790, b8427b8522d9, acc2a40e428f, fb8e8d58f116, 9b5a04ac3ad9
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (8)
- git.kernel.org/stable/c/116d53f09ff52e6f98e3fe1f85d8898d6ba26c68 (nvd)
- git.kernel.org/stable/c/2a782ea8ebd712a458466e3103e2881b4f886cb5 (nvd)
- git.kernel.org/stable/c/6b4205ea97901f822004e6c8d59484ccfda03faa (nvd)
- git.kernel.org/stable/c/9b5a04ac3ad9898c4745cba46ea26de74ba56a8e (nvd)
- git.kernel.org/stable/c/acc2a40e428f12780004e1e9fce4722d88f909fd (nvd)
- git.kernel.org/stable/c/b8427b8522d9ede53015ba45a9978ba68d1162f5 (nvd)
- git.kernel.org/stable/c/f31e18131ee2ce80a4da5c808221d25b1ae9ad6d (nvd)
- git.kernel.org/stable/c/fb8e8d58f116d069e5939e1f786ac84e7fa4533e (nvd)