5.5

CVE-2023-53299

md/raid10: fix leak of 'r10bio->remaining' for recovery

In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix leak of 'r10bio->remaining' for recovery

raid10_sync_request() will add 'r10bio->remaining' for both rdev and
replacement rdev. However, if the read io fails, recovery_request_write()
returns without issuing the write io, in this case, end_sync_request()
is only called once and 'remaining' is leaked, cause an io hang.

Fix the problem by decreasing 'remaining' according to if 'bio' and
'repl_bio' is valid.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.3 < 4.14.315
LinuxLinux Kernel Version >= 4.15 < 4.19.283
LinuxLinux Kernel Version >= 4.20 < 5.4.243
LinuxLinux Kernel Version >= 5.5 < 5.10.180
LinuxLinux Kernel Version >= 5.11 < 5.15.111
LinuxLinux Kernel Version >= 5.16 < 6.1.28
LinuxLinux Kernel Version >= 6.2 < 6.2.15
LinuxLinux Kernel Version >= 6.3 < 6.3.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.036
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/cb827ed2bb34480dc102146d3a1f89fdbcafc028
Patch
https://git.kernel.org/stable/c/1d2c6c6e37fe5de11fd01a82badf03390e12df7a
Patch
https://git.kernel.org/stable/c/8c5d5d7ffd1e76734811b8ea5417cf0432b9952c
Patch
https://git.kernel.org/stable/c/1697fb124c6d6c5237e9cbd78890310154738084
Patch
https://git.kernel.org/stable/c/8d09065802c53cc938d162b62f6c4150b392c90e
Patch
https://git.kernel.org/stable/c/11141630f03efffdfe260b3582b2d93d38171b97
Patch
https://git.kernel.org/stable/c/3481dec5ecbbbbe44ab23e22c2b14bd65c644ec6
Patch
https://git.kernel.org/stable/c/4f82e7e07cdaf2947d71968e3d6b73370a217093
Patch
https://git.kernel.org/stable/c/26208a7cffd0c7cbf14237ccd20c7270b3ffeb7e
Patch