CVE-2023-53832 in Kernel
Zusammenfassung (Englisch)
In the Linux kernel, the following vulnerability has been resolved:
md/raid10: fix null-ptr-deref in raid10_sync_request
init_resync() inits mempool and sets conf->have_replacemnt at the beginning
of sync, close_sync() frees the mempool when sync is completed.
After [1] recovery might be skipped and init_resync() is called but
close_sync() is not. null-ptr-deref occurs with r10bio->dev[i].repl_bio.
The following is one way to reproduce the issue.
1) create a array, wait for resync to complete, mddev->recovery_cp is set
to MaxSector.
2) recovery is woken and it is skipped. conf->have_replacement is set to
0 in init_resync(). close_sync() not called.
3) some io errors and rdev A is set to WantReplacement.
4) a new device is added and set to A's replacement.
5) recovery is woken, A have replacement, but conf->have_replacemnt is
0. r10bio->dev[i].repl_bio will not be alloced and null-ptr-deref
occurs.
Fix it by not calling init_resync() if recovery skipped.
[1] commit 7e83ccbecd60 ("md/raid10: Allow skipping recovery when clean arrays are assembled")
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Zuständig
Linux
Reservieren
09.12.2025
Veröffentlichung
09.12.2025
Status
Bestätigt
Einträge
VulDB provides additional information and datapoints for this CVE:
| ID | Schwachstelle | CWE | Aus | Mas | CVE |
|---|---|---|---|---|---|
| 334987 | Linux Kernel init_resync Denial of Service | 476 | Nicht definiert | Offizieller Fix | CVE-2023-53832 |