CVE-2023-54317Missing Initialization of Resource in Linux

CWE-909Missing Initialization of Resource7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a block device, the function __blkdev_issue_zero_pages submits a write bio with the bio vector pointing to the zero page. If we use dm-flakey with corrupt bio writes option, it will corrupt the content of the zero page which results in crashes of various userspace programs. Glibc assumes that memory returned by mmap is zeroed and it uses it for calloc im

Affected Packages4 packages

Linuxlinux/linux_kernel4.15.04.19.276+6
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linuxc6cd92fcabd6cc78bb1808c6a18245c842722fc1b7f8892f672222dbfcc721f51edc03963212b249+9
debiandebian/linux< linux 6.1.20-1 (bookworm)

🔴Vulnerability Details

3
OSV
dm flakey: don't corrupt the zero page2025-12-30
OSV
CVE-2023-54317: In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a block2025-12-30
GHSA
GHSA-8m2v-q2gj-8gq3: In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a bloc2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: dm flakey: don't corrupt the zero page2025-12-30
Debian
CVE-2023-54317: linux - In the Linux kernel, the following vulnerability has been resolved: dm flakey: ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54317 Impact, Exploitability, and Mitigation Steps | Wiz