CVE-2023-53832
- EPSS 0.03%
- Published 09.12.2025 01:29:47
- Last modified 15.04.2026 00:35:42
- Source 416baaa9-dc9f-4396-8d5f-8c081f
md/raid10: fix null-ptr-deref in raid10_sync_request
In the Linux kernel, the following vulnerability has been resolved:
md/raid10: fix null-ptr-deref in raid10_sync_request
init_resync() inits mempool and sets conf->have_replacement at the beginning
of sync, close_sync() frees the mempool when sync is completed.
After [1] recovery might be skipped and init_resync() is called but
close_sync() is not. null-ptr-deref occurs with r10bio->dev[i].repl_bio.
The following is one way to reproduce the issue.
1) create an array, wait for resync to complete, mddev->recovery_cp is set
to MaxSector.
2) recovery is woken and it is skipped. conf->have_replacement is set to
0 in init_resync(). close_sync() is not called.
3) some io errors and rdev A is set to WantReplacement.
4) a new device is added and set to A's replacement.
5) recovery is woken, A has a replacement, but conf->have_replacement is
0. r10bio->dev[i].repl_bio will not be allocated and null-ptr-deref
occurs.
Fix it by not calling init_resync() if recovery skipped.
[1] commit 7e83ccbecd60 ("md/raid10: Allow skipping recovery when clean arrays are assembled")

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
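The ordering problem described above, as a simplified user-space model (an added example, not kernel code and not part of the original record). The fields `pool_ready` and `dev_has_repl`, the helpers `sync_request()` and `replay()`, and the guard that runs `init_resync()` only while the pool is uninitialised are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model of the ordering bug; not kernel code. */
struct conf {
    bool pool_ready;       /* assumed stand-in for the resync mempool */
    bool have_replacement; /* snapshot taken once by init_resync() */
    bool dev_has_repl;     /* assumed flag: rdev A has a replacement now */
};

static void init_resync(struct conf *c) {
    c->pool_ready = true;
    c->have_replacement = c->dev_has_repl;
}

static void close_sync(struct conf *c) { c->pool_ready = false; }

/* One sync pass. Returns the repl_bio the pass would use, or NULL. */
static void *sync_request(struct conf *c, bool clean, bool fixed) {
    static int bio; /* placeholder object standing in for an allocated bio */

    if (!fixed && !c->pool_ready)
        init_resync(c);  /* buggy order: runs even if the pass is skipped */
    if (clean)
        return NULL;     /* recovery skipped; close_sync() is never reached */
    if (fixed && !c->pool_ready)
        init_resync(c);  /* fixed order: only when the pass does real work */
    /* repl_bio is only allocated when have_replacement is set */
    return c->have_replacement ? (void *)&bio : NULL;
}

/* Replays steps 1-5; true means repl_bio exists when A has a replacement. */
bool replay(bool fixed) {
    struct conf c = {0};
    void *repl_bio;

    sync_request(&c, true, fixed);             /* step 2: skipped */
    c.dev_has_repl = true;                     /* steps 3-4 */
    repl_bio = sync_request(&c, false, fixed); /* step 5 */
    close_sync(&c);                            /* pass completed */
    return repl_bio != NULL;
}

int main(void) {
    printf("old order: repl_bio %s\n", replay(false) ? "allocated" : "NULL");
    printf("new order: repl_bio %s\n", replay(true) ? "allocated" : "NULL");
    return 0;
}
```

With the old ordering the stale `have_replacement` snapshot from the skipped pass survives into step 5, which is the state in which the kernel dereferences a NULL `repl_bio`.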
Vendor: Linux
Product: Linux
Default status: affected

| Version | Version < | Version <= | Status |
|---|---|---|---|
| 3.10 | | | affected |
| 0 | 3.10 | | unaffected |
| 4.19.283 | | 4.19.* | unaffected |
| 5.4.243 | | 5.4.* | unaffected |
| 5.10.180 | | 5.10.* | unaffected |
| 5.15.111 | | 5.15.* | unaffected |
| 6.1.28 | | 6.1.* | unaffected |
| 6.2.15 | | 6.2.* | unaffected |
| 6.3.2 | | 6.3.* | unaffected |
| 6.4 | | * | unaffected |

VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.085 |