LiveActive security incident?Get immediate response
CVE Record

CVE-2023-54177: quota: fix warning in dqgrab()

In the Linux kernel, the following vulnerability has been resolved: quota: fix warning in dqgrab() There's issue as follows when do fault injection: WARNING: CPU: 1 PID: 14870 at include/linux/quotaops.h:51 dquot_disable+0x13b7/0x18c0 Modules linked in: CPU: 1 PID: 14870 Comm: fsconfig Not tainted 6.3.0-next-20230505-00006-g5107a9c821af-dirty #541 RIP: 0010:dquot_disable+0x13b7/0x18c0 RSP: 0018:ffffc9000acc79e0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88825e41b980 RDX: 0000000000000000 RSI: ffff88825e41b980 RDI: 0000000000000002 RBP: ffff888179f68000 R08: ffffffff82087ca7 R09: 0000000000000000 R10: 0000000000000001 R11: ffffed102f3ed026 R12: ffff888179f68130 R13: ffff888179f68110 R14: dffffc0000000000 R15: ffff888179f68118 FS: 00007f450a073740(0000) GS:ffff88882fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe96f2efd8 CR3: 000000025c8ad000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> dquot_load_quota_sb+0xd53/0x1060 dquot_resume+0x172/0x230 ext4_reconfigure+0x1dc6/0x27b0 reconfigure_super+0x515/0xa90 __x64_sys_fsconfig+0xb19/0xd20 do_syscall_64+0x39/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Above issue may happens as follows: ProcessA ProcessB ProcessC sys_fsconfig vfs_fsconfig_locked reconfigure_super ext4_remount dquot_suspend -> suspend all type quota sys_fsconfig vfs_fsconfig_locked reconfigure_super ext4_remount dquot_resume ret = dquot_load_quota_sb add_dquot_ref do_open -> open file O_RDWR vfs_open do_dentry_open get_write_access atomic_inc_unless_negative(&inode->i_writecount) ext4_file_open dquot_file_open dquot_initialize __dquot_initialize dqget atomic_inc(&dquot->dq_count); __dquot_initialize __dquot_initialize dqget if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) ext4_acquire_dquot -> Return error DQ_ACTIVE_B flag isn't set dquot_disable invalidate_dquots if (atomic_read(&dquot->dq_count)) dqgrab WARN_ON_ONCE(!test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) -> Trigger warning In the above scenario, 'dquot->dq_flags' has no DQ_ACTIVE_B is normal when dqgrab(). To solve above issue just replace the dqgrab() use in invalidate_dquots() with atomic_inc(&dquot->dq_count).

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This Linux kernel issue is a quota-handling bug that can trigger a kernel warning during concurrent filesystem reconfiguration and file open activity. The public record describes a resolved warning, not confirmed code execution or privilege escalation. Treat it as a kernel hygiene and stability update, with urgency driven by whether affected Linux kernel versions are present.

Executive priority

Handle through normal kernel patch governance unless internal exposure is broad or affected systems are stability-critical. There is no sourced evidence of active exploitation, but incomplete severity scoring means teams should not ignore it.

Technical view

The flaw is in Linux quota handling. During ext4 remount, dquot_suspend, dquot_resume, and dquot initialization races, invalidate_dquots could call dqgrab on a dquot without DQ_ACTIVE_B set, triggering WARN_ON_ONCE. The fix replaces that dqgrab use with atomic_inc on dq_count in stable kernel commits.

Likely exposure

Exposure is limited to Linux systems running affected kernel versions listed in the CVE record, especially systems using quota and ext4 reconfiguration paths. The provided data does not identify distributions, appliances, cloud images, or packaged vendor advisories.

Exploitation context

The source describes reproduction through fault injection and concurrent kernel/filesystem activity. CISA KEV status is false, and the bundle provides no evidence of active exploitation, public exploit use, remote reachability, privilege escalation, or data compromise.

Researcher notes

The evidence supports a concurrency-related warning in quota code, not a fully characterized security impact. Key unknowns are exploitability, distribution-specific exposure, required privileges for the triggering path, and whether local policies make kernel warnings operationally severe.

Mitigation direction

  • Identify Linux kernel versions across servers, appliances, containers hosts, and cloud images.
  • Apply vendor or distribution kernel updates containing the referenced stable fixes.
  • If self-building kernels, review the listed upstream stable commits before backporting.
  • Prioritize systems using filesystem quotas or frequent ext4 remount/reconfiguration workflows.
  • Monitor vendor advisories because package-level fixed versions are not provided here.

Validation and detection

  • Compare running kernel versions against the affected and fixed version data in the CVE record.
  • Confirm installed distribution packages include the relevant upstream stable commit.
  • Check kernel logs for quota, dquot, ext4, fsconfig, or WARN_ON_ONCE messages.
  • Verify quota-enabled ext4 systems are included in patch compliance reporting.
  • Retest any operational workflows that remount or reconfigure ext4 filesystems.
Prepared
Confidence
medium
Sources
10

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-54177 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
9Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux9f985cb6c45bc3f8b7e161c9658d409d051d576f, 9f985cb6c45bc3f8b7e161c9658d409d051d576f, 9f985cb6c45bc3f8b7e161c9658d409d051d576f, 9f985cb6c45bc3f8b7e161c9658d409d051d576f, 9f985cb6c45bc3f8b7e161c9658d409d051d576f, 9f985cb6c45bc3f8b7e161c9658d409d051d576f, 9f985cb6c45bc3f8b7e161c9658d409d051d576f, 9f985cb6c45bc3f8b7e161c9658d409d051d576f, b5258061a2a8f657aa5900dd3c1ded9e868e3544, 3.12.24unaffected
LinuxLinux3.15, 0, 4.14.324, 4.19.293, 5.4.255, 5.10.192, 5.15.123, 6.1.42, 6.4.7, 6.5affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.