CVE-2023-53210

EPSS 0.02%
Published 15.09.2025 14:21:38
Last modified 15.09.2025 15:22:27
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid()

r5l_flush_stripe_to_raid() will check if the list 'flushing_ios' is
empty, and then submit 'flush_bio', however, r5l_log_flush_endio()
is clearing the list first and then clear the bio, which will cause
null-ptr-deref:

T1: submit flush io
raid5d
 handle_active_stripes
  r5l_flush_stripe_to_raid
   // list is empty
   // add 'io_end_ios' to the list
   bio_init
   submit_bio
   // io1

T2: io1 is done
r5l_log_flush_endio
 list_splice_tail_init
 // clear the list
			T3: submit new flush io
			...
			r5l_flush_stripe_to_raid
			 // list is empty
			 // add 'io_end_ios' to the list
			 bio_init
 bio_uninit
 // clear bio->bi_blkg
			 submit_bio
			 // null-ptr-deref

Fix this problem by clearing bio before clearing the list in
r5l_log_flush_endio().

Affected products Warnungen 0 Metrics 1 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 711fb92606208a8626b785da4f9f23d648a5b6c8

Version 0dd00cba99c352dc9afd62979f350d808c215cb9

Status affected

Version < 7a8b6d93991bf4b72b3f959baea35397c6c8e521

Version 0dd00cba99c352dc9afd62979f350d808c215cb9

Status affected

Version < e46b2e7be8059d156af8c011dd8d665229b65886

Version 0dd00cba99c352dc9afd62979f350d808c215cb9

Status affected

Version < 0d0bd28c500173bfca78aa840f8f36d261ef1765

Version 0dd00cba99c352dc9afd62979f350d808c215cb9

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 5.18

Status affected

Version < 5.18

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.53

Status unaffected

Version <= 6.4.*

Version 6.4.16

Status unaffected

Version <= 6.5.*

Version 6.5.3

Status unaffected

Version <= *

Version 6.6

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/711fb92606208a8626b785da4f9f23d648a5b6c8

https://git.kernel.org/stable/c/7a8b6d93991bf4b72b3f959baea35397c6c8e521

https://git.kernel.org/stable/c/e46b2e7be8059d156af8c011dd8d665229b65886

https://git.kernel.org/stable/c/0d0bd28c500173bfca78aa840f8f36d261ef1765

https://nvd.nist.gov/vuln/detail/CVE-2023-53210

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53210

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53210

EUVD