Vulnerability Database

324,382

Total vulnerabilities in the database

CVE-2023-53672

In the Linux kernel, the following vulnerability has been resolved:

btrfs: output extra debug info if we failed to find an inline backref

[BUG] Syzbot reported several warning triggered inside lookup_inline_extent_backref().

[CAUSE] As usual, the reproducer doesn't reliably trigger locally here, but at least we know the WARN_ON() is triggered when an inline backref can not be found, and it can only be triggered when @insert is true. (I.e. inserting a new inline backref, which means the backref should already exist)

[ENHANCEMENT] After the WARN_ON(), dump all the parameters and the extent tree leaf to help debug.

  • Published: Oct 7, 2025
  • Updated: Feb 4, 2026
  • CVE: CVE-2023-53672
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Software From Fixed in
linux / linux_kernel 3.9.1 4.14.326
linux / linux_kernel 4.15 4.19.295
linux / linux_kernel 4.20 5.4.257
linux / linux_kernel 5.5 5.10.197
linux / linux_kernel 5.11 5.15.133
linux / linux_kernel 5.16 6.1.55
linux / linux_kernel 6.2 6.5.5
linux / linux_kernel 3.9 3.9.x
linux / linux_kernel 3.9-rc3 3.9-rc3.x
linux / linux_kernel 3.9-rc4 3.9-rc4.x
linux / linux_kernel 3.9-rc5 3.9-rc5.x
linux / linux_kernel 3.9-rc6 3.9-rc6.x
linux / linux_kernel 3.9-rc7 3.9-rc7.x
linux / linux_kernel 3.9-rc8 3.9-rc8.x