{"id":"CVE-2023-53270","summary":"ext4: fix i_disksize exceeding i_size problem in paritally written case","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix i_disksize exceeding i_size problem in paritally written case\n\nIt is possible for i_disksize can exceed i_size, triggering a warning.\n\ngeneric_perform_write\n copied = iov_iter_copy_from_user_atomic(len) // copied \u003c len\n ext4_da_write_end\n | ext4_update_i_disksize\n |  new_i_size = pos + copied;\n |  WRITE_ONCE(EXT4_I(inode)-\u003ei_disksize, newsize) // update i_disksize\n | generic_write_end\n |  copied = block_write_end(copied, len) // copied = 0\n |   if (unlikely(copied \u003c len))\n |    if (!PageUptodate(page))\n |     copied = 0;\n |  if (pos + copied \u003e inode-\u003ei_size) // return false\n if (unlikely(copied == 0))\n  goto again;\n if (unlikely(iov_iter_fault_in_readable(i, bytes))) {\n  status = -EFAULT;\n  break;\n }\n\nWe get i_disksize greater than i_size here, which could trigger WARNING\ncheck 'i_size_read(inode) \u003c EXT4_I(inode)-\u003ei_disksize' while doing dio:\n\next4_dio_write_iter\n iomap_dio_rw\n  __iomap_dio_rw // return err, length is not aligned to 512\n ext4_handle_inode_extension\n  WARN_ON_ONCE(i_size_read(inode) \u003c EXT4_I(inode)-\u003ei_disksize) // Oops\n\n WARNING: CPU: 2 PID: 2609 at fs/ext4/file.c:319\n CPU: 2 PID: 2609 Comm: aa Not tainted 6.3.0-rc2\n RIP: 0010:ext4_file_write_iter+0xbc7\n Call Trace:\n  vfs_write+0x3b1\n  ksys_write+0x77\n  do_syscall_64+0x39\n\nFix it by updating 'copied' value before updating i_disksize just like\next4_write_inline_data_end() does.\n\nA reproducer can be found in the buganizer link below.","modified":"2026-05-18T05:56:52.733235625Z","published":"2025-09-16T08:06:59.730Z","related":["SUSE-SU-2025:03614-1","SUSE-SU-2025:03615-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3761-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53270.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/18eb23891aeae3229baf8c7c23b76be3364e1967"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1dedde690303c05ef732b7c5c8356fdf60a4ade3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3ecea2fee14227712694c8b54ad99d471e61de92"},{"type":"WEB","url":"https://git.kernel.org/stable/c/53877ed201baa6b58f7ce9df92664a839113c30e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d30090eb546d993ea3f3023452540c476ea614a5"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53270.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53270"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"64769240bd07f446f83660bb143bb609d8ab4910"},{"fixed":"18eb23891aeae3229baf8c7c23b76be3364e1967"},{"fixed":"d30090eb546d993ea3f3023452540c476ea614a5"},{"fixed":"3ecea2fee14227712694c8b54ad99d471e61de92"},{"fixed":"53877ed201baa6b58f7ce9df92664a839113c30e"},{"fixed":"1dedde690303c05ef732b7c5c8356fdf60a4ade3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53270.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.27"},{"fixed":"5.15.111"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.28"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.2.15"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.3.0"},{"fixed":"6.3.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53270.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}