{"id":"CVE-2023-52759","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: ignore negated quota changes\n\nWhen lots of quota changes are made, there may be cases in which an\ninode's quota information is increased and then decreased, such as when\nblocks are added to a file, then deleted from it. If the timing is\nright, function do_qc can add pending quota changes to a transaction,\nthen later, another call to do_qc can negate those changes, resulting\nin a net gain of 0. The quota_change information is recorded in the qc\nbuffer (and qd element of the inode as well). The buffer is added to the\ntransaction by the first call to do_qc, but a subsequent call changes\nthe value from non-zero back to zero. At that point it's too late to\nremove the buffer_head from the transaction. Later, when the quota sync\ncode is called, the zero-change qd element is discovered and flagged as\nan assert warning. If the fs is mounted with errors=panic, the kernel\nwill panic.\n\nThis is usually seen when files are truncated and the quota changes are\nnegated by punch_hole/truncate which uses gfs2_quota_hold and\ngfs2_quota_unhold rather than block allocations that use gfs2_quota_lock\nand gfs2_quota_unlock which automatically do quota sync.\n\nThis patch solves the problem by adding a check to qd_check_sync such\nthat net-zero quota changes already added to the transaction are no\nlonger deemed necessary to be synced, and skipped.\n\nIn this case references are taken for the qd and the slot from do_qc\nso those need to be put. The normal sequence of events for a normal\nnon-zero quota change is as follows:\n\ngfs2_quota_change\n   do_qc\n      qd_hold\n      slot_hold\n\nLater, when the changes are to be synced:\n\ngfs2_quota_sync\n   qd_fish\n      qd_check_sync\n         gets qd ref via lockref_get_not_dead\n   do_sync\n      do_qc(QC_SYNC)\n         qd_put\n\t    lockref_put_or_lock\n   qd_unlock\n      qd_put\n         lockref_put_or_lock\n\nIn the net-zero change case, we add a check to qd_check_sync so it puts\nthe qd and slot references acquired in gfs2_quota_change and skip the\nunneeded sync.","modified":"2026-03-23T04:59:19.828942812Z","published":"2024-05-21T16:15:15Z","withdrawn":"2024-12-19T15:41:51.307916Z","related":["SUSE-SU-2024:1979-1","SUSE-SU-2024:1983-1","SUSE-SU-2024:2008-1","SUSE-SU-2024:2011-1","SUSE-SU-2024:2019-1","SUSE-SU-2024:2184-1","SUSE-SU-2024:2189-1","SUSE-SU-2024:2190-1","SUSE-SU-2024:2571-1","SUSE-SU-2024:2896-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1"],"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/119565e566f91ff3588ffcd5812f0c8061586c6b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1c28dace66015b675a343b89b0c87abbfda05ff4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/212f112fe5e90e98eb8d48585682880dae139f4c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2a054b87a1b799b391e578597a42ee6e57a987ae"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2bb42a27a92ff3984c9fa5fbe128eced3ea693f2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4c6a08125f2249531ec01783a5f4317d7342add5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/50e33567bc4a1c4ed79a1d289fe93c9a26491848"},{"type":"WEB","url":"https://git.kernel.org/stable/c/53fc16c1ad84f5467ec24341670b63aa759335d3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5bfda356e903633d16ae1bac1ee38364e12628a3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b4deec69fe32b58dc5fb4ace52456ece85b75561"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2023-52759"}],"affected":[{"package":{"name":"linux","ecosystem":"Debian:11","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.205-1"}]}],"versions":["5.10.103-1","5.10.103-1~bpo10+1","5.10.106-1","5.10.113-1","5.10.120-1","5.10.120-1~bpo10+1","5.10.127-1","5.10.127-2","5.10.127-2~bpo10+1","5.10.136-1","5.10.140-1","5.10.148-1","5.10.149-1","5.10.149-2","5.10.158-1","5.10.158-2","5.10.162-1","5.10.178-1","5.10.178-2","5.10.178-3","5.10.179-1","5.10.179-2","5.10.179-3","5.10.179-4","5.10.179-5","5.10.191-1","5.10.197-1","5.10.46-4","5.10.46-5","5.10.70-1","5.10.70-1~bpo10+1","5.10.84-1","5.10.92-1","5.10.92-1~bpo10+1","5.10.92-2"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52759.json"}},{"package":{"name":"linux","ecosystem":"Debian:12","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.64-1"}]}],"versions":["6.1.27-1","6.1.37-1","6.1.38-1","6.1.38-2","6.1.38-2~bpo11+1","6.1.38-3","6.1.38-4","6.1.38-4~bpo11+1","6.1.52-1","6.1.55-1","6.1.55-1~bpo11+1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52759.json"}},{"package":{"name":"linux","ecosystem":"Debian:13","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.8-1"}]}],"versions":["6.1.106-1","6.1.106-2","6.1.106-3","6.1.112-1","6.1.27-1","6.1.37-1","6.1.38-1","6.1.38-2","6.1.38-2~bpo11+1","6.1.38-3","6.1.38-4","6.1.38-4~bpo11+1","6.1.52-1","6.1.55-1","6.1.55-1~bpo11+1","6.1.64-1","6.1.66-1","6.1.67-1","6.1.69-1","6.1.69-1~bpo11+1","6.1.76-1","6.1.76-1~bpo11+1","6.1.82-1","6.1.85-1","6.1.90-1","6.1.90-1~bpo11+1","6.1.94-1","6.1.94-1~bpo11+1","6.1.98-1","6.1.99-1","6.3.1-1~exp1","6.3.11-1","6.3.2-1~exp1","6.3.4-1~exp1","6.3.5-1~exp1","6.3.7-1","6.3.7-1~bpo12+1","6.4.1-1~exp1","6.4.11-1","6.4.13-1","6.4.4-1","6.4.4-1~bpo12+1","6.4.4-2","6.4.4-3","6.4.4-3~bpo12+1","6.4~rc6-1~exp1","6.4~rc7-1~exp1","6.5.1-1~exp1","6.5.10-1","6.5.10-1~bpo12+1","6.5.13-1","6.5.3-1","6.5.3-1~bpo12+1","6.5.6-1","6.5.8-1","6.5~rc4-1~exp1","6.5~rc6-1~exp1","6.5~rc7-1~exp1","6.6.3-1~exp1","6.6.4-1~exp1","6.6.7-1~exp1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52759.json"}}],"schema_version":"1.7.3"}