CVE-2023-53101

MEDIUMNVD 5.55.5—

5.5

In the Linux kernel, the following vulnerability has been resolved:

ext4: zero i_disksize when initializing the bootloader inode

If the boot loader inode has never been used before, the EXT4_IOC_SWAP_BOOT inode will initialize it, including setting the i_size to 0. However, if the "never before used" boot loader has a non-zero i_size, then i_disksize will be non-zero, and the inconsistency between i_size and i_disksize can trigger a kernel warning:

WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319 CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa RIP: 0010:ext4_file_write_iter+0xbc7/0xd10 Call Trace: vfs_write+0x3b1/0x5c0 ksys_write+0x77/0x160 __x64_sys_write+0x22/0x30 do_syscall_64+0x39/0x80

Reproducer:

create corrupted image and mount it:

mke2fs -t ext4 /tmp/foo.img 200 debugfs -wR "sif <5> size 25700" /tmp/foo.img mount -t ext4 /tmp/foo.img /mnt cd /mnt echo 123 > file

Run the reproducer program:

posix_memalign(&buf, 1024, 1024) fd = open("file", O_RDWR | O_DIRECT); ioctl(fd, EXT4_IOC_SWAP_BOOT); write(fd, buf, 1024);

Fix this by setting i_disksize as well as i_size to zero when initiaizing the boot loader inode.

CVSS v3: 5.5
EG Score: 5.5(medium)
EPSS: 5.7%
KEV: Not listed

Published

May 2, 2025

Last Modified

November 10, 2025

References (8)

416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/01a821aacc64d4b05dafd239dbc9b7856686002f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0d8a6c9a6415999fee1259ccf1796480c026b7d6
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3f00c476da8fe7c4c34ea16abb55d74127120413
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/59eee0cdf8c036f554add97a4da7c06d7a9ff34a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9cb27b1e76f0cc886ac09055bc41c0ab3f205167
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9e9a4cc5486356158554f6ad73027d8635a48b34
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d6c1447e483c05dbcfb3ff77ac04237a82070b8c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f5361da1e60d54ec81346aee8e3d8baf1be0b762

Data Freshness Timeline

(refreshed 13× in last 7d / 46× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

2026-06-23 21:31 UTCEPSS rescore
2026-06-23 21:31 UTCEPSS rescore
2026-06-22 14:24 UTCEPSS rescore
2026-06-22 14:24 UTCEPSS rescore
2026-06-21 14:55 UTCEPSS rescore
2026-06-21 14:55 UTCEPSS rescore
2026-06-21 01:58 UTCEPSS rescore
2026-06-21 01:58 UTCEPSS rescore
2026-06-19 19:24 UTCEPSS rescore
2026-06-19 19:24 UTCEPSS rescore
2026-06-18 17:51 UTCEPSS rescore
2026-06-18 13:43 UTCOSV refresh
2026-06-17 17:51 UTCEPSS rescore
2026-06-16 17:51 UTCEPSS rescore
2026-06-16 17:51 UTCEPSS rescore
2026-06-15 17:47 UTCEPSS rescore
2026-06-14 23:16 UTCEPSS rescore
2026-06-13 22:59 UTCEPSS rescore
2026-06-13 22:59 UTCEPSS rescore
2026-06-12 23:11 UTCEPSS rescore
2026-06-11 13:59 UTCEPSS rescore
2026-06-10 22:17 UTCEPSS rescore
2026-06-10 13:21 UTCEPSS rescore
2026-06-08 14:16 UTCEPSS rescore
2026-06-08 14:16 UTCEPSS rescore

Show 21 more

2026-06-07 15:24 UTCEPSS rescore
2026-06-07 15:24 UTCEPSS rescore
2026-06-06 13:46 UTCEPSS rescore
2026-06-06 13:46 UTCEPSS rescore
2026-06-05 22:46 UTCEPSS rescore
2026-06-05 22:46 UTCEPSS rescore
2026-06-05 06:09 UTCEPSS rescore
2026-06-05 06:09 UTCEPSS rescore
2026-06-04 13:11 UTCEPSS rescore
2026-06-04 13:11 UTCEPSS rescore
2026-06-02 20:12 UTCEPSS rescore
2026-06-02 20:12 UTCEPSS rescore
2026-06-01 13:51 UTCEPSS rescore
2026-05-31 22:30 UTCEPSS rescore
2026-05-31 22:30 UTCEPSS rescore
2026-05-31 00:15 UTCEPSS rescore
2026-05-31 00:15 UTCEPSS rescore
2026-05-30 06:15 UTCEG score recompute
2026-05-30 06:15 UTCGHSA enrichment
2026-05-30 03:05 UTCOSV refresh
2026-05-29 13:43 UTCEPSS rescore

Frequently asked(5)

What is CVE-2023-53101?

CVE-2023-53101 is a medium vulnerability published on May 2, 2025. In the Linux kernel, the following vulnerability has been resolved: ext4: zero i_disksize when initializing the bootloader inode If the boot loader inode has never been used before, the EXT4IOCSWAP_BOOT inode will initialize it, including setting the i_size to 0. However, if the "never before used"…

When was CVE-2023-53101 disclosed?

CVE-2023-53101 was first published in the National Vulnerability Database on May 2, 2025, with the most recent update on November 10, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2023-53101 actively exploited?

CVE-2023-53101 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 5.7% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

What is the CVSS score of CVE-2023-53101?

CVE-2023-53101 has a CVSS v3 base score of 5.5 (NVD).

How do I remediate CVE-2023-53101?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2023-53101, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2023-53101

Explore →

Is Your Infrastructure Affected by CVE-2023-53101?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2023-53101

📅 Published

🔄 Last Modified

🔗 References (8)