btrfs: lock the inode in shared mode before starting fiemap
CVE-2023-52737

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 21 May 2024

What is CVE-2023-52737?

A vulnerability in the Linux kernel's btrfs file system has been identified that can result in deadlock situations. This occurs because the fiemap operation fails to acquire the inode's lock. Instead, it only locks a file range in the inode's IO tree, potentially leading to blocking scenarios when concurrent fsync operations are executed. The conflict arises from the inode's i_mmap_lock semaphore, which is utilized by both fsync and the btrfs_page_mkwrite() function. If a fault occurs while accessing user space buffers during fiemap, it can lead to prolonged blocking of tasks, affecting overall system functionality and potentially leading to data loss or corruption.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 885f46d87f29a94eafe3cc707d5c4dea2be248f3

Linux 885f46d87f29a94eafe3cc707d5c4dea2be248f3 < 519b7e13b5ae8dd38da1e52275705343be6bb508

Linux 5.13

References

https://git.kernel.org/stable/c/d8c594da79bc0244e610a7059...

https://git.kernel.org/stable/c/519b7e13b5ae8dd38da1e5227...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 21, 2024
Vulnerability Reserved
May 21, 2024

JSON

Linux

What is CVE-2023-52737?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.