Home

Description

In the Linux kernel, the following vulnerability has been resolved: fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds Commit 56124d6c87fd ("fsverity: support enabling with tree block size < PAGE_SIZE") changed FS_IOC_ENABLE_VERITY to use __kernel_read() to read the file's data, instead of direct pagecache accesses. An unintended consequence of this is that the 'WARN_ON_ONCE(!(file->f_mode & FMODE_READ))' in __kernel_read() became reachable by fuzz tests. This happens if FS_IOC_ENABLE_VERITY is called on a fd opened with access mode 3, which means "ioctl access only". Arguably, FS_IOC_ENABLE_VERITY should work on ioctl-only fds. But ioctl-only fds are a weird Linux extension that is rarely used and that few people even know about. (The documentation for FS_IOC_ENABLE_VERITY even specifically says it requires O_RDONLY.) It's probably not worthwhile to make the ioctl internally open a new fd just to handle this case. Thus, just reject the ioctl on such fds for now.

PUBLISHED Reserved 2025-09-15 | Published 2025-09-15 | Updated 2025-09-15 | Assigner Linux

Product status

Default status
unaffected

56124d6c87fd749477425110d2564166621a89c4 (git) before 85c039cff3c359967cafe90443c02321e950b216
affected

56124d6c87fd749477425110d2564166621a89c4 (git) before 04839139213cf60d4c5fc792214a08830e294ff8
affected

Default status
affected

6.3
affected

Any version before 6.3
unaffected

6.3.1 (semver)
unaffected

6.4 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/85c039cff3c359967cafe90443c02321e950b216

git.kernel.org/...c/04839139213cf60d4c5fc792214a08830e294ff8

cve.org (CVE-2023-53172)

nvd.nist.gov (CVE-2023-53172)

Download JSON