CVE-2023-53722

If rddev->raiddisk is greater than mddev->raiddisks, there will be an out-of-bounds in raid1removedisk(). We have already found similar reports as follows:

1) commit d17f744e883b ("md-raid10: fix KASAN warning") 2) commit 1ebc2cec0b7d ("dm raid: fix KASAN warning in raid5removedisk")

Fix this bug by checking whether the "number" variable is valid.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53722.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b8321b68d1445f308324517e45fb0a5c2b48e271

Fixed

beedf40f73939f248c81802eda08a2a8148ea13e

Fixed

91fbd4e75cb573f44d2619a9dc2f9ba927040760

Fixed

25a68f2286be56fb3a6f9fa0e269c04b5e6c6e24

Fixed

7993cfc041481a3a9cd4a3858088fc846b8ccaf7

Fixed

4f96c0665f9f4cf70130c9757750dc43dc679c82

Fixed

4f7d853b4590fc20e90dd50e346c02811a8c5b08

Fixed

4bdb92eaf645e312975357adc3c4e9523b6e67f1

Fixed

8b0472b50bcf0f19a5119b00a53b63579c8e1e4d

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53722.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3.0

Fixed

4.14.326

Type: ECOSYSTEM
Events: Introduced

4.15.0

Fixed

4.19.295

Type: ECOSYSTEM
Events: Introduced

4.20.0

Fixed

5.4.257

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.197

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.133

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.55

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.5.5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53722.json"