2405761 – (CVE-2023-53695) CVE-2023-53695 kernel: udf: Detect system inodes linked into directory hierarchy

Bug 2405761 (CVE-2023-53695) - CVE-2023-53695 kernel: udf: Detect system inodes linked into directory hierarchy

Summary: CVE-2023-53695 kernel: udf: Detect system inodes linked into directory hierarchy

Keywords:
Status:	NEW
Alias:	CVE-2023-53695
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-22 14:05 UTC by OSIDB Bzimport
Modified:	2025-10-25 21:37 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-22 14:05:20 UTC

In the Linux kernel, the following vulnerability has been resolved:

udf: Detect system inodes linked into directory hierarchy

When UDF filesystem is corrupted, hidden system inodes can be linked
into directory hierarchy which is an avenue for further serious
corruption of the filesystem and kernel confusion as noticed by syzbot
fuzzed images. Refuse to access system inodes linked into directory
hierarchy and vice versa.

Comment 1 Jon Moroney 2025-10-22 16:39:30 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025102210-CVE-2023-53695-f553@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.