CVE-2023-53506

In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as much length as possible to the first extent. However this is unnecessarily complicated and not really worth the trouble. Furthermore there was a bug in the logic resulting in corrupting extents in the file as syzbot reproducer shows. So just don't bother with the merging of extents that are too long together.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3d20e3b768aff32112bdce8d3219d923ae75f9f1	Patch
https://git.kernel.org/stable/c/53cafe1d6d8ef9f93318e5bfccc0d24f27d41ced	Patch
https://git.kernel.org/stable/c/5d029799d381a9ee06209a222cae75f04c5d5304	Patch
https://git.kernel.org/stable/c/7a965da79f2d22601f329cbfce588386b0847544	Patch
https://git.kernel.org/stable/c/965982feb333aefa9256c0fe188b5f1b958aef63	Patch
https://git.kernel.org/stable/c/9a8d602f0723586e668bae7e65c832ceb9bcc8bc	Patch
https://git.kernel.org/stable/c/adac9ac6d2e04ea0782b91a00ba10706002f3ec4	Patch
https://git.kernel.org/stable/c/d52252a1de4cf96a34f722b0cd8902d8ff78eb57	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:-::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.12:rc5::::::

History

No history.

Information

Published : 2025-10-01 12:15

Updated : 2026-01-23 02:04

NVD link : CVE-2023-53506

Mitre link : CVE-2023-53506

CVE.ORG link : CVE-2023-53506

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-53506", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-10-01T12:15:54.320", "references": [{"url": "https://git.kernel.org/stable/c/3d20e3b768aff32112bdce8d3219d923ae75f9f1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/53cafe1d6d8ef9f93318e5bfccc0d24f27d41ced", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5d029799d381a9ee06209a222cae75f04c5d5304", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7a965da79f2d22601f329cbfce588386b0847544", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/965982feb333aefa9256c0fe188b5f1b958aef63", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9a8d602f0723586e668bae7e65c832ceb9bcc8bc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/adac9ac6d2e04ea0782b91a00ba10706002f3ec4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d52252a1de4cf96a34f722b0cd8902d8ff78eb57", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Do not bother merging very long extents\n\nWhen merging very long extents we try to push as much length as possible\nto the first extent. However this is unnecessarily complicated and not\nreally worth the trouble. Furthermore there was a bug in the logic\nresulting in corrupting extents in the file as syzbot reproducer shows.\nSo just don't bother with the merging of extents that are too long\ntogether."}], "lastModified": "2026-01-23T02:04:05.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DE1347D-DA3C-46C6-A00B-0AEFD5AB4178", "versionEndExcluding": "4.14.308", "versionStartIncluding": "2.6.12.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C902FC54-DDBD-4DA6-BFEF-26889A267464", "versionEndExcluding": "4.19.276", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13DD5E68-8CB4-46EE-9A8F-C7F6C1A84430", "versionEndExcluding": "5.4.235", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D810CFB-B7C5-493C-B98A-0D5F0D8A47B6", "versionEndExcluding": "5.10.173", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B8B2AC9-2F31-4A0F-96F5-7E26B50B27BB", "versionEndExcluding": "5.15.99", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FD95FDA-6525-4B13-B3FB-49D9995FD8ED", "versionEndExcluding": "6.1.16", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88C67289-22AD-4CA9-B202-5F5A80E5BA4B", "versionEndExcluding": "6.2.3", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}