CVE-2023-53172Improper Validation of Specified Type of Input in Linux

CWE-1287Improper Validation of Specified Type of Input5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 15

Description

In the Linux kernel, the following vulnerability has been resolved: fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds Commit 56124d6c87fd ("fsverity: support enabling with tree block size f_mode & FMODE_READ))' in __kernel_read() became reachable by fuzz tests. This happens if FS_IOC_ENABLE_VERITY is called on a fd opened with access mode 3, which means "ioctl access only". Arguably, FS_IOC_ENABLE_VERITY should work on ioctl-only fds. But ioctl-only fds are a weird Linux extension that is r

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

Debianlinux/linux_kernel< 6.3.7-1+1
CVEListV5linux/linux56124d6c87fd749477425110d2564166621a89c485c039cff3c359967cafe90443c02321e950b216+2
debiandebian/linux< linux 6.3.7-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-f2h8-669r-j5fx: In the Linux kernel, the following vulnerability has been resolved: fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds Commit 56124d6c87fd ("fsveri2025-09-15
OSV
CVE-2023-53172: In the Linux kernel, the following vulnerability has been resolved: fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds Commit 56124d6c87fd ("fsverity2025-09-15

📋Vendor Advisories

2
Red Hat
kernel: fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds2025-09-15
Debian
CVE-2023-53172: linux - In the Linux kernel, the following vulnerability has been resolved: fsverity: r...2023
CVE-2023-53172 — Linux vulnerability | cvebase