{"id":"CVE-2023-53796","summary":"f2fs: fix information leak in f2fs_move_inline_dirents()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix information leak in f2fs_move_inline_dirents()\n\nWhen converting an inline directory to a regular one, f2fs is leaking\nuninitialized memory to disk because it doesn't initialize the entire\ndirectory block.  Fix this by zero-initializing the block.\n\nThis bug was introduced by commit 4ec17d688d74 (\"f2fs: avoid unneeded\ninitializing when converting inline dentry\"), which didn't consider the\nsecurity implications of leaking uninitialized memory to disk.\n\nThis was found by running xfstest generic/435 on a KMSAN-enabled kernel.","modified":"2026-04-02T09:45:11.948942Z","published":"2025-12-09T00:00:52.919Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53796.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/00b5587326625d0fddb2a5f5a3d4acd950102ace"},{"type":"WEB","url":"https://git.kernel.org/stable/c/117d4f6687b1f74423b5d398ea95c63b262a8e73"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2bef8314fcf94ddc27e22d03f237c0fafd00de33"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4e3b4b170bd43db1d8a93a6bd0ea434b17cc86f7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9a5571cff4ffcfc24847df9fd545cc5799ac0ee5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a6807ef0f3b3d8508d3b07a2e35de8a91820a014"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eebaecef0095bb8f493c03982da75c6e7bae1056"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f07a8d61b6ea81bb3cbe0638af40f8824d6147fd"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53796.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53796"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4ec17d688d74b6b7cb10043c57ff4818cde2b0ca"},{"fixed":"4e3b4b170bd43db1d8a93a6bd0ea434b17cc86f7"},{"fixed":"a6807ef0f3b3d8508d3b07a2e35de8a91820a014"},{"fixed":"2bef8314fcf94ddc27e22d03f237c0fafd00de33"},{"fixed":"00b5587326625d0fddb2a5f5a3d4acd950102ace"},{"fixed":"117d4f6687b1f74423b5d398ea95c63b262a8e73"},{"fixed":"f07a8d61b6ea81bb3cbe0638af40f8824d6147fd"},{"fixed":"eebaecef0095bb8f493c03982da75c6e7bae1056"},{"fixed":"9a5571cff4ffcfc24847df9fd545cc5799ac0ee5"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53796.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.3.0"},{"fixed":"4.14.308"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.276"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.235"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.173"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.99"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.2.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53796.json"}}],"schema_version":"1.7.5"}