CVE-2023-53137
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2023-53137 is a vulnerability in the Linux kernel's ext4 filesystem, published on May 2, 2025. It affects directory renaming in ext4, where a race condition can occur during directory move operations (NVD).

Technical details

The vulnerability occurs during directory rename operations in the ext4 filesystem. When renaming a directory to a different location, the system needs to update the '..' entry in the moved directory. However, there was no protection against the moved directory being modified and potentially converted from inline format to normal format during this operation. This race condition could lead to the rename code becoming confused and ultimately causing a system crash. The vulnerability has been assigned a CVSS 3.1 score of 5.5 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat, Wiz).

Impact

When exploited, this vulnerability can lead to possible filesystem corruption and system crashes during directory move operations. The issue affects the stability and reliability of systems using the ext4 filesystem (Wiz).

Mitigation and workarounds

The issue has been fixed by implementing proper locking of the moved directory during rename operations. Fixed versions are available in various Linux distributions including Debian Bullseye (5.10.234-1), Bookworm (6.1.135-1), and Trixie (6.12.22-1). Ubuntu has also released fixes for versions 22.04 LTS (5.15.0-79.86), 20.04 LTS (5.4.0-156.173), and 18.04 LTS (Debian).

This report was generated using AI
