LiveActive security incident?Get immediate response
CVE Record

CVE-2023-54285: iomap: Fix possible overflow condition in iomap_write_delalloc_scan

In the Linux kernel, the following vulnerability has been resolved: iomap: Fix possible overflow condition in iomap_write_delalloc_scan folio_next_index() returns an unsigned long value which left shifted by PAGE_SHIFT could possibly cause an overflow on 32-bit system. Instead use folio_pos(folio) + folio_size(folio), which does this correctly.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This Linux kernel issue is a possible arithmetic overflow in iomap delayed-allocation scanning. The public record ties the concern to 32-bit systems. The available sources do not state a business impact such as privilege escalation, data loss, or remote compromise, so urgency depends on whether affected kernels are present.

Executive priority

Handle through normal kernel patch management unless 32-bit Linux or custom kernels are in use. The lack of CVSS, KEV status, and stated impact prevents a confident emergency rating, but kernel fixes should not be ignored.

Technical view

In iomap_write_delalloc_scan, folio_next_index() returns unsigned long; shifting it by PAGE_SHIFT can overflow on 32-bit systems. The resolved change uses folio_pos(folio) plus folio_size(folio), avoiding the unsafe shifted calculation. Public metadata lists Linux kernel versions and stable commits but provides no CVSS or CWE.

Likely exposure

Exposure is most plausible on Linux systems running affected kernel versions, especially 32-bit builds using kernel code paths involving iomap delayed allocation. Distribution backports may change exposure, so package metadata and vendor advisories matter more than upstream version strings alone.

Exploitation context

The source bundle does not show CISA KEV listing, active exploitation, public exploit availability, or a confirmed security impact beyond a possible overflow condition. Treat exploitation status as not evidenced from the provided sources.

Researcher notes

The affected-version metadata is limited and somewhat hard to interpret from the bundle. The strongest technical evidence is the upstream fix description: avoid unsigned long shift overflow on 32-bit by using folio_pos plus folio_size.

Mitigation direction

  • Check Linux distribution advisories for CVE-2023-54285 coverage.
  • Update affected Linux kernels to vendor-supported builds containing the iomap fix.
  • Prioritize review of 32-bit Linux systems and custom kernels.
  • For self-maintained kernels, confirm the referenced stable commits are included.
  • Track unresolved systems as exceptions until vendor guidance is available.

Validation and detection

  • Inventory Linux kernel versions across servers, appliances, and images.
  • Identify any 32-bit Linux deployments or custom kernel builds.
  • Compare installed kernels with vendor advisories and referenced stable commits.
  • Review package changelogs for CVE-2023-54285 or iomap fix references.
  • Confirm upgraded systems boot the intended fixed kernel.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-54285 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
4Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux38be53c3fd7f4f4bd5de319a323d72f9f6beb16d, f43dc4dc3eff028b5ddddd99f3a66c5a6bdd4e78, f43dc4dc3eff028b5ddddd99f3a66c5a6bdd4e78, 6.1.92unaffected
LinuxLinux6.2, 0, 6.1.162, 6.5.5, 6.6affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.