{"id":"CVE-2023-52582","summary":"netfs: Only call folio_start_fscache() one time for each folio","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Only call folio_start_fscache() one time for each folio\n\nIf a network filesystem using netfs implements a clamp_length()\nfunction, it can set subrequest lengths smaller than a page size.\n\nWhen we loop through the folios in netfs_rreq_unlock_folios() to\nset any folios to be written back, we need to make sure we only\ncall folio_start_fscache() once for each folio.\n\nOtherwise, this simple testcase:\n\n  mount -o fsc,rsize=1024,wsize=1024 127.0.0.1:/export /mnt/nfs\n  dd if=/dev/zero of=/mnt/nfs/file.bin bs=4096 count=1\n  1+0 records in\n  1+0 records out\n  4096 bytes (4.1 kB, 4.0 KiB) copied, 0.0126359 s, 324 kB/s\n  echo 3 \u003e /proc/sys/vm/drop_caches\n  cat /mnt/nfs/file.bin \u003e /dev/null\n\nwill trigger an oops similar to the following:\n\n  page dumped because: VM_BUG_ON_FOLIO(folio_test_private_2(folio))\n  ------------[ cut here ]------------\n  kernel BUG at include/linux/netfs.h:44!\n  ...\n  CPU: 5 PID: 134 Comm: kworker/u16:5 Kdump: loaded Not tainted 6.4.0-rc5\n  ...\n  RIP: 0010:netfs_rreq_unlock_folios+0x68e/0x730 [netfs]\n  ...\n  Call Trace:\n    netfs_rreq_assess+0x497/0x660 [netfs]\n    netfs_subreq_terminated+0x32b/0x610 [netfs]\n    nfs_netfs_read_completion+0x14e/0x1a0 [nfs]\n    nfs_read_completion+0x2f9/0x330 [nfs]\n    rpc_free_task+0x72/0xa0 [sunrpc]\n    rpc_async_release+0x46/0x70 [sunrpc]\n    process_one_work+0x3bd/0x710\n    worker_thread+0x89/0x610\n    kthread+0x181/0x1c0\n    ret_from_fork+0x29/0x50","modified":"2026-04-02T09:43:02.350620Z","published":"2024-03-02T21:59:48.490Z","related":["SUSE-SU-2024:1320-1","SUSE-SU-2024:1321-1","SUSE-SU-2024:1466-1","SUSE-SU-2024:1480-1","SUSE-SU-2024:1490-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52582.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/d9f5537479d4ec97ea92ff24e81a517d5772581a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/df1c357f25d808e30b216188330e708e09e1a412"},{"type":"WEB","url":"https://git.kernel.org/stable/c/df9950d37df113db59495fa09d060754366a2b7c"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52582.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52582"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3d3c95046742e4eebaa4b891b0b01cbbed94ebbd"},{"fixed":"df9950d37df113db59495fa09d060754366a2b7c"},{"fixed":"d9f5537479d4ec97ea92ff24e81a517d5772581a"},{"fixed":"df1c357f25d808e30b216188330e708e09e1a412"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52582.json"}}],"schema_version":"1.7.5"}