CVE-2023-53765
- Source
- https://cve.org/CVERecord?id=CVE-2023-53765
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53765.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53765
- Downstream
- Related
- Published
- 2025-12-08T01:19:27.831Z
- Modified
- 2026-03-20T12:33:20.190889Z
- Summary
- dm cache: free background tracker's queued work in btracker_destroy
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
dm cache: free background tracker's queued work in btracker_destroy
Otherwise the kernel can BUG with:
[ 2245.426978] ============================================================================= [ 2245.435155] BUG btwork (Tainted: G B W ): Objects remaining in btwork on __kmemcacheshutdown() [ 2245.445233] ----------------------------------------------------------------------------- [ 2245.445233] [ 2245.454879] Slab 0x00000000b0ce2b30 objects=64 used=2 fp=0x000000000a3c6a4e flags=0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2245.467300] CPU: 7 PID: 10805 Comm: lvm Kdump: loaded Tainted: G B W 6.0.0-rc2 #19 [ 2245.476078] Hardware name: Dell Inc. PowerEdge R7525/0590KW, BIOS 2.5.6 10/06/2021 [ 2245.483646] Call Trace: [ 2245.486100] <TASK> [ 2245.488206] dump_stacklvl+0x34/0x48 [ 2245.491878] slaberr+0x95/0xcd [ 2245.495028] __kmemcacheshutdown.cold+0x31/0x136 [ 2245.499821] kmem_cachedestroy+0x49/0x130 [ 2245.503928] btrackerdestroy+0x12/0x20 [dmcache] [ 2245.508728] smqdestroy+0x15/0x60 [dmcachesmq] [ 2245.513435] dmcachepolicydestroy+0x12/0x20 [dmcache] [ 2245.518834] destroy+0xc0/0x110 [dmcache] [ 2245.522933] dmtabledestroy+0x5c/0x120 [dmmod] [ 2245.527649] __dmdestroy+0x10e/0x1c0 [dmmod] [ 2245.532102] dev_remove+0x117/0x190 [dmmod] [ 2245.536384] ctlioctl+0x1a2/0x290 [dmmod] [ 2245.540579] dmctlioctl+0xa/0x20 [dmmod] [ 2245.544773] __x64sysioctl+0x8a/0xc0 [ 2245.548524] dosyscall64+0x5c/0x90 [ 2245.552104] ? syscallexittousermode+0x12/0x30 [ 2245.556897] ? dosyscall64+0x69/0x90 [ 2245.560648] ? dosyscall64+0x69/0x90 [ 2245.564394] entrySYSCALL64afterhwframe+0x63/0xcd [ 2245.569447] RIP: 0033:0x7fe52583ec6b ... [ 2245.646771] ------------[ cut here ]------------ [ 2245.651395] kmemcachedestroy btwork: Slab cache still has objects when called from btrackerdestroy+0x12/0x20 [dmcache] [ 2245.651408] WARNING: CPU: 7 PID: 10805 at mm/slabcommon.c:478 kmemcachedestroy+0x128/0x130
Found using: lvm2-testsuite --only "cache-single-split.sh"
Ben bisected and found that commit 0495e337b703 ("mm/slabcommon: Deleting kobject in kmemcachedestroy() without holding slabmutex/cpuhotpluglock") first exposed dm-cache's incomplete cleanup of its background tracker work objects.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53765.json" }- References
-
- https://git.kernel.org/stable/c/673a3af21d5e3ed769f3eaed0c888244290a3506
- https://git.kernel.org/stable/c/95ab80a8a0fef2ce0cc494a306dd283948066ce7
- https://git.kernel.org/stable/c/ed56ad5cacb7a3aeb611494d5d66e2399d2bfecc
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53765.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53765
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git