{"id":"CVE-2023-53323","summary":"ext2/dax: Fix ext2_setsize when len is page aligned","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next2/dax: Fix ext2_setsize when len is page aligned\n\nPAGE_ALIGN(x) macro gives the next highest value which is multiple of\npagesize. But if x is already page aligned then it simply returns x.\nSo, if x passed is 0 in dax_zero_range() function, that means the\nlength gets passed as 0 to -\u003eiomap_begin().\n\nIn ext2 it then calls ext2_get_blocks -\u003e max_blocks as 0 and hits bug_on\nhere in ext2_get_blocks().\n\tBUG_ON(maxblocks == 0);\n\nInstead we should be calling dax_truncate_page() here which takes\ncare of it. i.e. it only calls dax_zero_range if the offset is not\npage/block aligned.\n\nThis can be easily triggered with following on fsdax mounted pmem\ndevice.\n\ndd if=/dev/zero of=file count=1 bs=512\ntruncate -s 0 file\n\n[79.525838] EXT2-fs (pmem0): DAX enabled. Warning: EXPERIMENTAL, use at your own risk\n[79.529376] ext2 filesystem being mounted at /mnt1/test supports timestamps until 2038 (0x7fffffff)\n[93.793207] ------------[ cut here ]------------\n[93.795102] kernel BUG at fs/ext2/inode.c:637!\n[93.796904] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[93.798659] CPU: 0 PID: 1192 Comm: truncate Not tainted 6.3.0-rc2-xfstests-00056-g131086faa369 #139\n[93.806459] RIP: 0010:ext2_get_blocks.constprop.0+0x524/0x610\n\u003c...\u003e\n[93.835298] Call Trace:\n[93.836253]  \u003cTASK\u003e\n[93.837103]  ? lock_acquire+0xf8/0x110\n[93.838479]  ? d_lookup+0x69/0xd0\n[93.839779]  ext2_iomap_begin+0xa7/0x1c0\n[93.841154]  iomap_iter+0xc7/0x150\n[93.842425]  dax_zero_range+0x6e/0xa0\n[93.843813]  ext2_setsize+0x176/0x1b0\n[93.845164]  ext2_setattr+0x151/0x200\n[93.846467]  notify_change+0x341/0x4e0\n[93.847805]  ? lock_acquire+0xf8/0x110\n[93.849143]  ? do_truncate+0x74/0xe0\n[93.850452]  ? do_truncate+0x84/0xe0\n[93.851739]  do_truncate+0x84/0xe0\n[93.852974]  do_sys_ftruncate+0x2b4/0x2f0\n[93.854404]  do_syscall_64+0x3f/0x90\n[93.855789]  entry_SYSCALL_64_after_hwframe+0x72/0xdc","modified":"2026-04-02T09:44:00.084652Z","published":"2025-09-16T16:11:58.877Z","related":["SUSE-SU-2025:03600-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53323.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/5cee8bfb8cbd99c97aff85d2bf066b6a496e13ab"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9e54fd14bd143c261e52fde74355e85e9526c58c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fcced95b6ba2a507a83b8b3e0358a8ac16b13e35"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53323.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53323"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2aa3048e03d38d5358be2553d4b638c1a018498c"},{"fixed":"9e54fd14bd143c261e52fde74355e85e9526c58c"},{"fixed":"5cee8bfb8cbd99c97aff85d2bf066b6a496e13ab"},{"fixed":"fcced95b6ba2a507a83b8b3e0358a8ac16b13e35"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53323.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}