CVE-2023-54311
Description
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix deadlock when converting an inline directory in nojournal mode
In no journal mode, ext4_finish_convert_inline_dir() can self-deadlock by calling ext4_handle_dirty_dirblock() when it already has taken the directory lock. There is a similar self-deadlock in ext4_incvert_inline_data_nolock() for data files which we'll fix at the same time.
A simple reproducer demonstrating the problem:
mke2fs -Fq -t ext2 -O inline_data -b 4k /dev/vdc 64 mount -t ext4 -o dirsync /dev/vdc /vdc cd /vdc mkdir file0 cd file0 touch file0 touch file1 attr -s BurnSpaceInEA -V abcde . touch supercalifragilisticexpialidocious
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A deadlock in ext4's inline directory conversion in nojournal mode can cause a system hang, fixed by avoiding a lock recursion in ext4_finish_convert_inline_dir.
Vulnerability
CVE-2023-54311 describes a self-deadlock in the Linux kernel's ext4 filesystem when converting inline directories in nojournal mode. The bug occurs in ext4_finish_convert_inline_dir() when it calls ext4_handle_dirty_dirblock() while already holding the directory lock, leading to a deadlock. A similar issue exists in ext4_convert_inline_data_nolock() for data files.
Exploitation
An attacker with local access can trigger the deadlock by performing a sequence of operations on an ext4 filesystem mounted with -o dirsync and formatted with -O inline_data. The provided reproducer involves creating a directory, adding files, setting an extended attribute, and then creating a file with a long name, which forces the inline directory to be converted to a block-based directory.
Impact
Successful exploitation causes a system hang due to the deadlock, resulting in a denial of service (DoS). The vulnerability does not require special privileges beyond the ability to create files and directories on the affected filesystem.
Mitigation
The fix is included in Linux kernel stable updates. Patches are available in the kernel git repository [1][2][3]. Users should apply the latest kernel updates from their distribution.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
7b4fa4768c9ac5f8b55136ad7640c8c365999665cc3ba50330b1c4357bb21804de0c72cd4f4ce24f54d9cVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- git.kernel.org/stable/c/0b1c4357bb21d9770451a1bdb8d419ea10bada88nvd
- git.kernel.org/stable/c/5f8b55136ad787aed2c184f7cb3e93772ae637a3nvd
- git.kernel.org/stable/c/640c8c365999c6f23447ac766437236ad88317c5nvd
- git.kernel.org/stable/c/665cc3ba50330049524c1d275bc840a8f28dde73nvd
- git.kernel.org/stable/c/804de0c72cd473e186ca4e1f6287d45431b14e5anvd
- git.kernel.org/stable/c/b4fa4768c9acff77245d672d855d2c88294850b1nvd
- git.kernel.org/stable/c/f4ce24f54d9cca4f09a395f3eecce20d6bec4663nvd
News mentions
0No linked articles in our index yet.