CVE-2023-54324: Improper Resource Locking in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 93.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

dm: fix a race condition in retrieve_deps

There's a race condition in the multipath target when retrieve_deps races with multipath_message calling dm_get_device and dm_put_device. retrieve_deps walks the list of open devices without holding any lock but multipath may add or remove devices to the list while it is running. The end result may be memory corruption or use-after-free memory access.

See this description of a UAF wit

Affected Packages (4 packages)

Linux | linux/linux_kernel | 2.6.12 | 6.1.56 | +1
Debian | linux/linux_kernel | < 6.1.64-1 | +2
CVEListV5 | linux/linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | dbf1a719850577bb51fc7512a3972994b797a17b | +3
debian | debian/linux | < linux 6.1.64-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: dm: fix a race condition in retrieve_deps (2025-12-30)
OSV: CVE-2023-54324: In the Linux kernel, the following vulnerability has been resolved: dm: fix a race condition in retrieve_deps There's a race condition in the multipat (2025-12-30)
GHSA: GHSA-jp9m-rpm6-97j7: In the Linux kernel, the following vulnerability has been resolved: dm: fix a race condition in retrieve_deps There's a race condition in the multip (2025-12-30)

📋 Vendor Advisories (2)

Red Hat: kernel: dm: fix a race condition in retrieve_deps (2025-12-30)
Debian: CVE-2023-54324: linux - In the Linux kernel, the following vulnerability has been resolved: dm: fix a r... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54324 Impact, Exploitability, and Mitigation Steps | Wiz