CVE-2023-53791Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime6 documents5 sources
Severity
3.7LOW
No vector
EPSS
0.0%
top 89.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from export_rdev() Commit a1d767191096 ("md: use mddev->external to select holder in export_rdev()") fix the problem that 'claim_rdev' is used for blkdev_get_by_dev() while 'rdev' is used for blkdev_put(). However, if mddev->external is changed from 0 to 1, then 'rdev' is used for blkdev_get_by_dev() while 'claim_rdev' is used for blkdev_put(). And this problem can be reporduced reliably by

Affected Packages4 packages

Linuxlinux/linux_kernel6.5.06.5.5
Debianlinux/linux_kernel< 6.5.6-1+1
CVEListV5linux/linuxa1d7671910965ca9f8f0377e7e3bfd1179fba4d899fcd427178d0f58f5520f8f01df727f8eaeb2c7+2
debiandebian/linux< linux 6.5.6-1 (forky)

🔴Vulnerability Details

3
GHSA
GHSA-vw78-rr2v-h52q: In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from export_rdev() Commit a1d767191096 ("md:2025-12-09
OSV
CVE-2023-53791: In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from export_rdev() Commit a1d767191096 ("md: u2025-12-09
OSV
md: fix warning for holder mismatch from export_rdev()2025-12-09

📋Vendor Advisories

2
Red Hat
kernel: md: fix warning for holder mismatch from export_rdev()2025-12-09
Debian
CVE-2023-53791: linux - In the Linux kernel, the following vulnerability has been resolved: md: fix war...2023