-

CVE-2023-54317

EPSS 0.05%
Veröffentlicht 30.12.2025 12:23:47
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

dm flakey: don't corrupt the zero page

In the Linux kernel, the following vulnerability has been resolved:

dm flakey: don't corrupt the zero page

When we need to zero some range on a block device, the function
__blkdev_issue_zero_pages submits a write bio with the bio vector pointing
to the zero page. If we use dm-flakey with corrupt bio writes option, it
will corrupt the content of the zero page which results in crashes of
various userspace programs. Glibc assumes that memory returned by mmap is
zeroed and it uses it for calloc implementation; if the newly mapped
memory is not zeroed, calloc will return non-zeroed memory.

Fix this bug by testing if the page is equal to ZERO_PAGE(0) and
avoiding the corruption in this case.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

CNA 2 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version c6cd92fcabd6cc78bb1808c6a18245c842722fc1

Version < b7f8892f672222dbfcc721f51edc03963212b249

Status affected

Version d4c637af2e56ee1ec66ee34d0ac5a13c75911aec

Version < 98e311be44dbe31ad9c42aa067b2359bac451fda

Status affected

Version a00f5276e26636cbf72f24f79831026d2e2868e7

Version < 3c4a56ef7c538d16c1738ba0ccea9e7146105b5a

Status affected

Version a00f5276e26636cbf72f24f79831026d2e2868e7

Version < f2b478228bfdd11e358c5bc197561331f5d5c394

Status affected

Version a00f5276e26636cbf72f24f79831026d2e2868e7

Version < ff60b2bb680ebcaf8890814dd51084a022891469

Status affected

Version a00f5276e26636cbf72f24f79831026d2e2868e7

Version < be360c83f2d810493c04f999d69ec9152981e0c0

Status affected

Version a00f5276e26636cbf72f24f79831026d2e2868e7

Version < 63d31617883d64b43b0e2d529f0751f40713ecae

Status affected

Version a00f5276e26636cbf72f24f79831026d2e2868e7

Version < f50714b57aecb6b3dc81d578e295f86d9c73f078

Status affected

Version 1ed7c9f45fb893877ffa7cedd7aa61beaadbb328

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.0

Status affected

Version 0

Version < 5.0

Status unaffected

Version <= 4.14.*

Version 4.14.308

Status unaffected

Version <= 4.19.*

Version 4.19.276

Status unaffected

Version <= 5.4.*

Version 5.4.235

Status unaffected

Version <= 5.10.*

Version 5.10.173

Status unaffected

Version <= 5.15.*

Version 5.15.99

Status unaffected

Version <= 6.1.*

Version 6.1.16

Status unaffected

Version <= 6.2.*

Version 6.2.3

Status unaffected

Version <= *

Version 6.3

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.144

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/b7f8892f672222dbfcc721f51edc03963212b249

https://git.kernel.org/stable/c/98e311be44dbe31ad9c42aa067b2359bac451fda

https://git.kernel.org/stable/c/3c4a56ef7c538d16c1738ba0ccea9e7146105b5a

https://git.kernel.org/stable/c/f2b478228bfdd11e358c5bc197561331f5d5c394

https://git.kernel.org/stable/c/ff60b2bb680ebcaf8890814dd51084a022891469

https://git.kernel.org/stable/c/be360c83f2d810493c04f999d69ec9152981e0c0

https://git.kernel.org/stable/c/63d31617883d64b43b0e2d529f0751f40713ecae

https://git.kernel.org/stable/c/f50714b57aecb6b3dc81d578e295f86d9c73f078

https://nvd.nist.gov/vuln/detail/CVE-2023-54317

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54317

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54317

EUVD