VDB

CVE-2023-53796

CVE-2023-53796 PUBLISHED CVSS 8.7 HIGH

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix information leak in f2fs_move_inline_dirents()

When converting an inline directory to a regular one, f2fs is leaking uninitialized memory to disk because it doesn't initialize the entire directory block. Fix this by zero-initializing the block.

This bug was introduced by commit 4ec17d688d74 ("f2fs: avoid unneeded initializing when converting inline dentry"), which didn't consider the security implications of leaking uninitialized memory to disk.

This was found by running xfstest generic/435 on a KMSAN-enabled kernel.

EPSS 0.04% · 12.5th percentile

Risk Scores

CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.04%
12.5th percentile

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| linux | linux_kernel | 4.3, 4.3, 4.3 |
| Linux | Linux | 4ec17d688d74b6b7cb10043c57ff4818cde2b0ca, 4ec17d688d74b6b7cb10043c57ff4818cde2b0ca, 4ec17d688d74b6b7cb10043c57ff4818cde2b0ca |

Timeline

  • Dec 9, 2025 EPSS Score
  • Dec 9, 2025 CVE Published
  • Dec 13, 2025 EPSS Score
  • Dec 17, 2025 EPSS Score
  • Dec 22, 2025 EPSS Score
  • Dec 26, 2025 EPSS Score
  • Dec 30, 2025 EPSS Score
  • Jan 3, 2026 EPSS Score
  • Jan 7, 2026 EPSS Score
  • Jan 12, 2026 EPSS Score
  • Jan 16, 2026 EPSS Score
  • Jan 20, 2026 EPSS Score