CVE-2023-53618

5.5 MEDIUM

📋 TL;DR

A Linux kernel vulnerability in the Btrfs filesystem allows attackers to trigger a kernel crash (denial of service) by exploiting corrupted on-disk data. This affects systems using Btrfs with reloc tree functionality, primarily Linux servers and workstations. The vulnerability requires local access or ability to write to the filesystem.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions with Btrfs support before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using Btrfs filesystem with reloc tree functionality. Systems not using Btrfs or using other filesystems are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data corruption or loss if the system is writing to Btrfs volumes during the crash.

🟠 Likely Case

Local denial of service through kernel crash, requiring system reboot to restore functionality.

🟢 If Mitigated

Minimal impact if systems are patched or don't use Btrfs with reloc tree functionality.

🌐 Internet-Facing: LOW - Requires local filesystem access or ability to write to Btrfs volumes, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or compromised accounts with filesystem write access could cause system crashes affecting availability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to create or manipulate Btrfs filesystem metadata to trigger the invalid reloc tree condition. Discovered through fuzzing (syzbot).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel commits: 314135b7bae9618a317874ae195272682cf2d5d4, 3ae93b316ca4b8b3c33798ef1d210355f2fb9318, 6ebcd021c92b8e4b904552e4d87283032100796d, 84256e00eeca73c529fc6196e478cc89b8098157

Vendor Advisory: https://git.kernel.org/stable/c/314135b7bae9618a317874ae195272682cf2d5d4

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Check distribution-specific security advisories for patched kernel packages.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable Btrfs or use alternative filesystem

Avoid using Btrfs filesystem on critical systems until patched

Restrict filesystem write access

Limit users who can write to Btrfs volumes to reduce attack surface

chmod 750 /mountpoint
setfacl -m u:username:rwx /mountpoint

🧯 If You Can't Patch

  • Monitor system logs for Btrfs errors and kernel crashes
  • Implement strict access controls to prevent unauthorized users from writing to Btrfs filesystems

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if Btrfs is in use: 'uname -r' and 'mount | grep btrfs'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits: 'uname -r' and check with distribution package manager

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • Btrfs error logs mentioning 'reloc tree mismatch'
  • System crash/reboot events

Network Indicators:

  • None - local filesystem vulnerability

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR ("BTRFS error" AND "reloc tree"))
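
For hosts that are not feeding a SIEM, the same indicators can be checked locally. The script below is an added example, not part of the original advisory or of any vendor tooling: it applies the Log Indicators above to kernel log text on stdin, requiring both "BTRFS error" and "reloc tree" for the Btrfs hit. The function names, output tags and sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage kernel log lines for the indicators listed above.
# Feed it real logs with e.g.:  journalctl -k | scan_kernel_log

# scan_kernel_log: reads log text on stdin, prints "TAG<TAB>line" per hit.
scan_kernel_log() {
    awk '
        # Mirror source="kernel": ignore anything not logged by the kernel.
        !/ kernel: / { next }
        # A Btrfs error counts only when it also mentions the reloc tree.
        /BTRFS error/ && /reloc tree/ { print "BTRFS_RELOC\t" $0; next }
        # Crash indicators from the query: "panic" or "Oops".
        /[Pp]anic|Oops/ { print "KERNEL_CRASH\t" $0 }
    '
}

# has_reloc_indicator: exit status 0 if stdin contains a reloc tree error,
# suitable for a cron job or monitoring check.
has_reloc_indicator() {
    scan_kernel_log | grep -q '^BTRFS_RELOC'
}

# sample_log: constructed log lines (not captured from a real system).
sample_log() {
    cat <<'EOF'
2024-01-01T10:00:00 host kernel: BTRFS info (device sdb1): balance: start
2024-01-01T10:00:01 host kernel: BTRFS error (device sdb1): reloc tree mismatch (constructed)
2024-01-01T10:00:02 host kernel: BTRFS error (device sdb1): csum failed (constructed)
2024-01-01T10:00:03 host kernel: Oops: 0000 [#1] (constructed)
2024-01-01T10:00:04 host kernel: Kernel panic - not syncing: Fatal exception
2024-01-01T10:00:05 host sshd[1]: BTRFS error reloc tree (constructed, userspace)
EOF
}

# Demo run over the constructed sample.
sample_log | scan_kernel_log
```

An unrelated Btrfs error (the csum line) and a userspace line that merely quotes the strings are both ignored, which is the behaviour the parenthesised query is meant to have.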
