CVE-2023-53506 — Improper Check or Handling of Exceptional Conditions in Linux

CWE-703 — Improper Check or Handling of Exceptional Conditions5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 97.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedOct 1

Description

In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as much length as possible to the first extent. However this is unnecessarily complicated and not really worth the trouble. Furthermore there was a bug in the logic resulting in corrupting extents in the file as syzbot reproducer shows. So just don't bother with the merging of extents that are too long together.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel2.6.12.1 — 4.14.308+7

▶Debianlinux/linux_kernel< 5.10.178-1+3

▶CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 — d52252a1de4cf96a34f722b0cd8902d8ff78eb57+8

▶debiandebian/linux< linux 6.1.20-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-wxmx-9x37-q992: In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we t↗2025-10-01

▶

OSV

CVE-2023-53506: In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try↗2025-10-01

▶

📋Vendor Advisories

Red Hat

kernel: udf: Do not bother merging very long extents↗2025-10-01

▶

Debian

CVE-2023-53506: linux - In the Linux kernel, the following vulnerability has been resolved: udf: Do not...↗2023

▶