CVE-2023-53846Expired Pointer Dereference in Linux

CWE-825Expired Pointer Dereference7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 89.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on direct node in truncate_dnode() syzbot reports below bug: BUG: KASAN: slab-use-after-free in f2fs_truncate_data_blocks_range+0x122a/0x14c0 fs/f2fs/file.c:574 Read of size 4 at addr ffff88802a25c000 by task syz-executor148/5000 CPU: 1 PID: 5000 Comm: syz-executor148 Not tainted 6.4.0-rc7-syzkaller-00041-ge660abd551f1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Goo

Affected Packages4 packages

Linuxlinux/linux_kernel3.8.06.4.10
Debianlinux/linux_kernel< 6.4.11-1+1
CVEListV5linux/linux98e4da8ca301e062d79ae168c67e56f3c3de3ce4af0f716ad3b039cab9d426da63a5ee6c88751185+2
debiandebian/linux< linux 6.4.11-1 (forky)

🔴Vulnerability Details

3
OSV
f2fs: fix to do sanity check on direct node in truncate_dnode()2025-12-09
OSV
CVE-2023-53846: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on direct node in truncate_dnode() syzbot reports bel2025-12-09
GHSA
GHSA-2r6x-xmcw-65m8: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on direct node in truncate_dnode() syzbot reports b2025-12-09

📋Vendor Advisories

2
Red Hat
kernel: f2fs: fix to do sanity check on direct node in truncate_dnode()2025-12-09
Debian
CVE-2023-53846: linux - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix t...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-53846 Impact, Exploitability, and Mitigation Steps | Wiz