CVE-2023-53832: Use of Uninitialized Resource in Linux

Severity: 4.7 MEDIUM (no vector)
EPSS: 0.0% (top 85.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 9

Description

In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix null-ptr-deref in raid10_sync_request

init_resync() initializes the mempool and sets conf->have_replacement at the beginning of sync; close_sync() frees the mempool when sync is completed. After [1], recovery might be skipped, so init_resync() is called but close_sync() is not. A null-ptr-deref then occurs on r10bio->dev[i].repl_bio.

The following is one way to reproduce the issue.

1) create an array, wait for resync to comple

Affected Packages (4 packages)

Linux: linux/linux_kernel 3.10.0 to 4.19.283 (+6 more)
Debian: linux/linux_kernel < 5.10.191-1 (+3 more)
CVEListV5: linux/linux 7e83ccbecd608b971f340e951c9e84cd0343002f, 38d33593260536840b49fd1dcac9aedfd14a9d42 (+8 more)
debian: debian/linux < linux 6.1.37-1 (bookworm)

Vulnerability Details (3)

OSV: CVE-2023-53832: In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref in raid10_sync_request init_resync() inits mempool a (2025-12-09)
OSV: md/raid10: fix null-ptr-deref in raid10_sync_request (2025-12-09)
GHSA: GHSA-f28c-m9h4-3wr6: In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref in raid10_sync_request init_resync() inits mempool (2025-12-09)

Vendor Advisories (2)

Red Hat: kernel: md/raid10: fix null-ptr-deref in raid10_sync_request (2025-12-09)
Debian: CVE-2023-53832: linux - In the Linux kernel, the following vulnerability has been resolved: md/raid10: ... (2023)

Threat Intelligence (1)

Wiz: CVE-2023-53832 Impact, Exploitability, and Mitigation Steps | Wiz