DEBIAN-CVE-2023-53832
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-53832
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53832.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53832
- Upstream
- Published
- 2025-12-09T16:17:22.133Z
- Modified
- 2025-12-10T10:18:18.255845Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref in raid10syncrequest initresync() inits mempool and sets conf->havereplacemnt at the beginning of sync, closesync() frees the mempool when sync is completed. After [1] recovery might be skipped and initresync() is called but closesync() is not. null-ptr-deref occurs with r10bio->dev[i].replbio. The following is one way to reproduce the issue. 1) create a array, wait for resync to complete, mddev->recoverycp is set to MaxSector. 2) recovery is woken and it is skipped. conf->havereplacement is set to 0 in initresync(). closesync() not called. 3) some io errors and rdev A is set to WantReplacement. 4) a new device is added and set to A's replacement. 5) recovery is woken, A have replacement, but conf->havereplacemnt is 0. r10bio->dev[i].replbio will not be alloced and null-ptr-deref occurs. Fix it by not calling init_resync() if recovery skipped. [1] commit 7e83ccbecd60 ("md/raid10: Allow skipping recovery when clean arrays are assembled")
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.191-1
Affected versions
5.*
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source