CVE-2023-52569

Published: Mar 2, 2024

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG() after failure to insert delayed dir index item Instead of calling BUG() when we fail to insert a delayed dir index item into the delayed node's tree, we can just release all the resources we have allocated/acquired before and return the error to the caller. This is fine because all existing call chains undo anything they have done before calling btrfs_insert_delayed_dir_index() or BUG_ON (when creating pending snapshots in the transaction commit path). So remove the BUG() call and do proper error handling. This relates to a syzbot report linked below, but does not fix it because it only prevents hitting a BUG(), it does not fix the issue where somehow we attempt to use twice the same index number for different index items.

Vendor	Product	Versions
Linux	Linux	affected `9b378f6ad48cfa195ed868db9123c09ee7ec5ea2 - < d10fd53393cc5de4b9cf1a4b8f9984f0a037aa51` affected `9b378f6ad48cfa195ed868db9123c09ee7ec5ea2 - < 2c58c3931ede7cd08cbecf1f1a4acaf0a04a41a9` affected `79cf35e16dd5b8639909d4df957503b84de30406` affected `5441532ffc9c8c9f7cab0f8722e6d60a0b5e1259` affected `5.15.149 - < 5.16` +1 more versions
Linux	Linux	affected `6.5` unaffected `0 - < 6.5` unaffected `6.5.6 - <= 6.5.` unaffected `6.6 - <= `

References

https://git.kernel.org/stable/c/d10fd53393cc5de4b9cf1a4b8f9984f0a037aa51

https://git.kernel.org/stable/c/2c58c3931ede7cd08cbecf1f1a4acaf0a04a41a9

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-52569

Description

Affected Products

References