CVE-2023-53683 PUBLISHED

fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()

Assigner: Linux
Reserved: 07.10.2025 Published: 07.10.2025 Updated: 07.10.2025

In the Linux kernel, the following vulnerability has been resolved:

fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()

syzbot is hitting WARN_ON() in hfsplus_cat_{read,write}_inode(), for crafted filesystem image can contain bogus length. There conditions are not kernel bugs that can justify kernel to panic.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 61af77acd039ffd221bf7adf0dc95d0a4d377505 (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to c074913b12db3632b11588b31bbfb0fa80a0a1c9 (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to a75d9211a07fed513c08c5d4861c4a36ac6a74fe (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to c8daee66585897a4c90d937c91e762100237bff9 (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 37cab61a52d6f42b2d961c51bcf369f09e235fb5 (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 48960a503fcec76d3f72347b7e679dda08ca43be (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 3a9d68d84b2e41ba3f2a727b36f035fad6800492 (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 81b21c0f0138ff5a499eafc3eb0578ad2a99622c (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected unaffected from 4.14.316 to 4.14.* (incl.) unaffected from 4.19.284 to 4.19.* (incl.) unaffected from 5.4.244 to 5.4.* (incl.) unaffected from 5.10.181 to 5.10.* (incl.) unaffected from 5.15.113 to 5.15.* (incl.) unaffected from 6.1.30 to 6.1.* (incl.) unaffected from 6.3.4 to 6.3.* (incl.) unaffected from 6.4 to * (incl.)

CVE-2023-53683 PUBLISHED

fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()

Product Status

References