CVE-2023-53247 Vulnerability Analysis & Exploit Details

CVE-2023-53247
Vulnerability Scoring

Analysis In Progress

Attack Complexity Details

Attack Complexity:
Attack Complexity Analysis In Progress
Attack Vector:
Attack Vector Under Analysis
Privileges Required: None
No authentication is required for exploitation.
Scope:
Impact is confined to the initially vulnerable component.
User Interaction: None
No user interaction is necessary for exploitation.

CVE-2023-53247 Details

Status: Awaiting Analysis

Published on: 15 Sep 2025, 15:15 UTC

CVSS Release:

CVE-2023-53247 Vulnerability Summary

CVE-2023-53247: In the Linux kernel, the following vulnerability has been resolved: btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand While trying to get the subpage blocksize tests running, I hit the following panic on generic/476 assertion failed: PagePrivate(page) && page->private, in fs/btrfs/subpage.c:229 kernel BUG at fs/btrfs/subpage.c:229! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP CPU: 1 PID: 1453 Comm: fsstress Not tainted 6.4.0-rc7+ #12 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20230301gitf80f052277c8-26.fc38 03/01/2023 pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) pc : btrfs_subpage_assert+0xbc/0xf0 lr : btrfs_subpage_assert+0xbc/0xf0 Call trace: btrfs_subpage_assert+0xbc/0xf0 btrfs_subpage_clear_checked+0x38/0xc0 btrfs_page_clear_checked+0x48/0x98 btrfs_truncate_block+0x5d0/0x6a8 btrfs_cont_expand+0x5c/0x528 btrfs_write_check.isra.0+0xf8/0x150 btrfs_buffered_write+0xb4/0x760 btrfs_do_write_iter+0x2f8/0x4b0 btrfs_file_write_iter+0x1c/0x30 do_iter_readv_writev+0xc8/0x158 do_iter_write+0x9c/0x210 vfs_iter_write+0x24/0x40 iter_file_splice_write+0x224/0x390 direct_splice_actor+0x38/0x68 splice_direct_to_actor+0x12c/0x260 do_splice_direct+0x90/0xe8 generic_copy_file_range+0x50/0x90 vfs_copy_file_range+0x29c/0x470 __arm64_sys_copy_file_range+0xcc/0x498 invoke_syscall.constprop.0+0x80/0xd8 do_el0_svc+0x6c/0x168 el0_svc+0x50/0x1b0 el0t_64_sync_handler+0x114/0x120 el0t_64_sync+0x194/0x198 This happens because during btrfs_cont_expand we'll get a page, set it as mapped, and if it's not Uptodate we'll read it. However between the read and re-locking the page we could have called release_folio() on the page, but left the page in the file mapping. release_folio() can clear the page private, and thus further down we blow up when we go to modify the subpage bits. Fix this by putting the set_page_extent_mapped() after the read. This is safe because read_folio() will call set_page_extent_mapped() before it does the read, and then if we clear page private but leave it on the mapping we're completely safe re-setting set_page_extent_mapped(). With this patch I can now run generic/476 without panicing.

Assessing the Risk of CVE-2023-53247

Access Complexity Graph

The exploitability of CVE-2023-53247 depends on two key factors: attack complexity (the level of effort required to execute an exploit) and privileges required (the access level an attacker needs).

Exploitability Analysis for CVE-2023-53247

No exploitability data is available for CVE-2023-53247.

Understanding AC and PR

A lower complexity and fewer privilege requirements make exploitation easier. Security teams should evaluate these aspects to determine the urgency of mitigation strategies, such as patch management and access control policies.

Attack Complexity (AC) measures the difficulty in executing an exploit. A high AC means that specific conditions must be met, making an attack more challenging, while a low AC means the vulnerability can be exploited with minimal effort.

Privileges Required (PR) determine the level of system access necessary for an attack. Vulnerabilities requiring no privileges are more accessible to attackers, whereas high privilege requirements limit exploitation to authorized users with elevated access.

CVSS Score Breakdown Chart

Above is the CVSS Sub-score Breakdown for CVE-2023-53247, illustrating how Base, Impact, and Exploitability factors combine to form the overall severity rating. A higher sub-score typically indicates a more severe or easier-to-exploit vulnerability.

CIA Impact Analysis

Below is the Impact Analysis for CVE-2023-53247, showing how Confidentiality, Integrity, and Availability might be affected if the vulnerability is exploited. Higher values usually signal greater potential damage.

Confidentiality: None
CVE-2023-53247 does not compromise confidentiality.
Integrity: None
CVE-2023-53247 does not impact data integrity.
Availability: None
CVE-2023-53247 does not affect system availability.

CVE-2023-53247 References

External References

CWE Common Weakness Enumeration

Unknown

Protect Your Infrastructure against CVE-2023-53247: Combat Critical CVE Threats

Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.

Other 5 Recently Published CVEs Vulnerabilities

CVE-2025-59328 – A vulnerability in Apache Fory allows a remote attacker to cause a Denial of Service (DoS). The issue stems from the insecure deserialization of un...
CVE-2025-59155 – hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-...
CVE-2025-58748 – Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation (H2.java...
CVE-2025-58177 – n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scripting (XSS) vulnerability in @n...
CVE-2025-58172 – drawnix is an all in one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting (XSS) vulnerability exists in the d...