CVE-2023-53210

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-53210
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53210.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53210
Downstream
Related
Published
2025-09-15T14:21:38.534Z
Modified
2026-03-20T12:33:01.267382Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid()
Details

In the Linux kernel, the following vulnerability has been resolved:

md/raid5-cache: fix null-ptr-deref for r5lflushstripetoraid()

r5lflushstripetoraid() will check if the list 'flushingios' is empty, and then submit 'flushbio', however, r5llogflush_endio() is clearing the list first and then clear the bio, which will cause null-ptr-deref:

T1: submit flush io raid5d handleactivestripes r5lflushstripetoraid // list is empty // add 'ioendios' to the list bioinit submitbio // io1

T2: io1 is done r5llogflushendio listsplicetailinit // clear the list T3: submit new flush io ... r5lflushstripetoraid // list is empty // add 'ioendios' to the list bioinit biouninit // clear bio->biblkg submitbio // null-ptr-deref

Fix this problem by clearing bio before clearing the list in r5llogflush_endio().

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53210.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0dd00cba99c352dc9afd62979f350d808c215cb9
Fixed
711fb92606208a8626b785da4f9f23d648a5b6c8
Fixed
7a8b6d93991bf4b72b3f959baea35397c6c8e521
Fixed
e46b2e7be8059d156af8c011dd8d665229b65886
Fixed
0d0bd28c500173bfca78aa840f8f36d261ef1765

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53210.json"