CVE-2023-53845
Description
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix infinite loop in nilfs_mdt_get_block()
If the disk image that nilfs2 mounts is corrupted and a virtual block address obtained by block lookup for a metadata file is invalid, nilfs_bmap_lookup_at_level() may return the same internal return code as -ENOENT, meaning the block does not exist in the metadata file.
This duplication of return codes confuses nilfs_mdt_get_block(), causing it to read and create a metadata block indefinitely.
In particular, if this happens to the inode metadata file, ifile, semaphore i_rwsem can be left held, causing task hangs in lock_mount.
Fix this issue by making nilfs_bmap_lookup_at_level() treat virtual block address translation failures with -ENOENT as metadata corruption instead of returning the error code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's nilfs2 filesystem, a corrupted disk image can cause an infinite loop in nilfs_mdt_get_block(), leading to system hangs.
Vulnerability
Description
CVE-2023-53845 is a vulnerability in the Linux kernel's nilfs2 filesystem. When a corrupted disk image is mounted, nilfs_bmap_lookup_at_level() may erroneously return -ENOENT, confusing nilfs_mdt_get_block() into reading and creating a metadata block indefinitely, resulting in an infinite loop [1].
Attack
Surface
An attacker must supply a corrupted nilfs2 filesystem image that triggers the invalid block lookup. Mounting such an image requires no special privileges beyond the ability to mount a filesystem; however, the attacker must have control over the storage medium or a means to inject the malicious image.
Impact
The infinite loop causes the inode metadata file (ifile) to hold the i_rwsem semaphore indefinitely, leading to task hangs in lock_mount and ultimately system unresponsiveness. This constitutes a denial-of-service (DoS) condition.
Mitigation
Patches have been applied to the Linux kernel stable branches [1][2]. The fix modifies nilfs_bmap_lookup_at_level() to treat -ENOENT from virtual block address translation as metadata corruption rather than propagating the error code, thereby breaking the infinite loop.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3Patches
9cfb0bb4fbd40d536f9976bb0fe1cbbcb1a258a89d36a07af8d07d911964225457d07c81434c5f17222b55b29661669cba6a491c04888Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
9- git.kernel.org/stable/c/25457d07c8146e57d28906c663def033dc425af6nvd
- git.kernel.org/stable/c/34c5f17222b50c79848bb03ec8811648813e6a45nvd
- git.kernel.org/stable/c/5b29661669cb65b9750a3cf70ed3eaf947b92167nvd
- git.kernel.org/stable/c/8a89d36a07afe1ed4564df51fefa2bb556c85412nvd
- git.kernel.org/stable/c/8d07d9119642ba43d21f8ba64d51d01931096b20nvd
- git.kernel.org/stable/c/a6a491c048882e7e424d407d32cba0b52d9ef2bfnvd
- git.kernel.org/stable/c/cfb0bb4fbd40c1f06da7e9f88c0a2d46155b90c2nvd
- git.kernel.org/stable/c/d536f9976bb04e9c84cf80045a9355975e418f41nvd
- git.kernel.org/stable/c/fe1cbbcb1a2532ee1654e1ff121be8906d83c6f0nvd
News mentions
0No linked articles in our index yet.