CVE-2023-53311— Linux kernel 安全漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2023-53311 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput During unmount process of nilfs2, nothing holds nilfs_root structure after nilfs2 detaches its writer in nilfs_detach_log_writer(). Previously, nilfs_evict_inode() could cause use-after-free read for nilfs_root if inodes are left in "garbage_list" and released by nilfs_dispose_list at the end of nilfs_detach_log_writer(), and this bug was fixed by commit 9b5a04ac3ad9 ("nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()"). However, it turned out that there is another possibility of UAF in the call path where mark_inode_dirty_sync() is called from iput(): nilfs_detach_log_writer() nilfs_dispose_list() iput() mark_inode_dirty_sync() __mark_inode_dirty() nilfs_dirty_inode() __nilfs_mark_inode_dirty() nilfs_load_inode_block() --> causes UAF of nilfs_root struct This can happen after commit 0ae45f63d4ef ("vfs: add support for a lazytime mount option"), which changed iput() to call mark_inode_dirty_sync() on its final reference if i_state has I_DIRTY_TIME flag and i_nlink is non-zero. This issue appears after commit 28a65b49eb53 ("nilfs2: do not write dirty data after degenerating to read-only") when using the syzbot reproducer, but the issue has potentially existed before. Fix this issue by adding a "purging flag" to the nilfs structure, setting that flag while disposing the "garbage_list" and checking it in __nilfs_mark_inode_dirty(). Unlike commit 9b5a04ac3ad9 ("nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()"), this patch does not rely on ns_writer to determine whether to skip operations, so as not to break recovery on mount. The nilfs_salvage_orphan_logs routine dirties the buffer of salvaged data before attaching the log writer, so changing __nilfs_mark_inode_dirty() to skip the operation when ns_writer is NULL will cause recovery write to fail. The purpose of using the cleanup-only flag is to allow for narrowing of such conditions.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于nilfs2文件系统中nilfs_root结构在iput操作期间被释放后重用,可能导致内存损坏。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
二、漏洞 CVE-2023-53311 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2023-53311 的情报信息
请登录查看更多情报信息。
同批安全公告 · Linux · 2025-09-16 · 共 115 条
| CVE-2022-50339 | Linux kernel 安全漏洞 | |
| CVE-2023-53305 | Linux kernel 安全漏洞 | |
| CVE-2023-53304 | Linux kernel 安全漏洞 | |
| CVE-2022-50351 | Linux kernel 安全漏洞 | |
| CVE-2022-50352 | Linux kernel 安全漏洞 | |
| CVE-2022-50350 | Linux kernel 安全漏洞 | |
| CVE-2022-50348 | Linux kernel 安全漏洞 | |
| CVE-2022-50349 | Linux kernel 安全漏洞 | |
| CVE-2022-50347 | Linux kernel 安全漏洞 | |
| CVE-2022-50346 | Linux kernel 安全漏洞 | |
| CVE-2022-50343 | Linux kernel 安全漏洞 | |
| CVE-2022-50344 | Linux kernel 安全漏洞 | |
| CVE-2022-50342 | Linux kernel 安全漏洞 | |
| CVE-2022-50341 | Linux kernel 安全漏洞 | |
| CVE-2022-50340 | Linux kernel 安全漏洞 | |
| CVE-2025-39826 | Linux kernel 安全漏洞 | |
| CVE-2025-39829 | Linux kernel 安全漏洞 | |
| CVE-2025-39828 | Linux kernel 安全漏洞 | |
| CVE-2025-39827 | Linux kernel 安全漏洞 | |
| CVE-2025-39830 | Linux kernel 安全漏洞 |
显示前 20 条,共 115 条。 查看全部 → →
IV. Related Vulnerabilities
V. Comments for CVE-2023-53311
暂无评论