CVE-2023-53183 Affecting perf package, versions *
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CENTOS6-PERF-12740440
- published16 Sept 2025
- disclosed15 Sept 2025
Introduced: 15 Sep 2025
NewCVE-2023-53183 (opens in a new tab)How to fix?
There is no fixed version for Centos:6 perf.
NVD Description
Note: Versions mentioned in the description apply only to the upstream perf package and not the perf package as distributed by Centos.
See How to fix? for Centos:6 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
btrfs: exit gracefully if reloc roots don't match
[BUG] Syzbot reported a crash that an ASSERT() got triggered inside prepare_to_merge().
[CAUSE] The root cause of the triggered ASSERT() is we can have a race between quota tree creation and relocation.
This leads us to create a duplicated quota tree in the btrfs_read_fs_root() path, and since it's treated as fs tree, it would have ROOT_SHAREABLE flag, causing us to create a reloc tree for it.
The bug itself is fixed by a dedicated patch for it, but this already taught us the ASSERT() is not something straightforward for developers.
[ENHANCEMENT] Instead of using an ASSERT(), let's handle it gracefully and output extra info about the mismatch reloc roots to help debug.
Also with the above ASSERT() removed, we can trigger ASSERT(0)s inside merge_reloc_roots() later. Also replace those ASSERT(0)s with WARN_ON()s.
References
- https://access.redhat.com/security/cve/CVE-2023-53183
- https://git.kernel.org/stable/c/05d7ce504545f7874529701664c90814ca645c5d
- https://git.kernel.org/stable/c/69dd147de419b04d1d8d2ca67ef424cddd5b8fd5
- https://git.kernel.org/stable/c/9d04716e36654275aea00fb93fc9b30b850925e7
- https://git.kernel.org/stable/c/a96b6519ac71583835cb46d74bc450de5a13877f