VDB

DEBIAN-CVE-2023-53796

DEBIAN-CVE-2023-53796 PUBLISHED CVSS 8.699999809265137 HIGH

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix information leak in f2fs_move_inline_dirents() When converting an inline directory to a regular one, f2fs is leaking uninitialized memory to disk because it doesn't initialize the entire directory block. Fix this by zero-initializing the block. This bug was introduced by commit 4ec17d688d74 ("f2fs: avoid unneeded initializing when converting inline dentry"), which didn't consider the security implications of leaking uninitialized memory to disk. This was found by running xfstest generic/435 on a KMSAN-enabled kernel.

Risk Scores

CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
Debian:11linux*, 5.10.70-1, 5.10.84-1
Debian:12linux0, 0, 0
Debian:14linux0, 0, 0
Debian:13linux0, 0, 0

Timeline

  • Dec 9, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›