CVE-2023-53299
BaseFortify
Publication date: 2025-09-16
Last updated on: 2025-12-02
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 3.3 (inc) to 4.14.315 (exc) |
| linux | linux_kernel | From 4.15 (inc) to 4.19.283 (exc) |
| linux | linux_kernel | From 4.20 (inc) to 5.4.243 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.180 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.111 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.28 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.2.15 (exc) |
| linux | linux_kernel | From 6.3 (inc) to 6.3.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the Linux kernel's RAID10 implementation where a leak of the 'r10bio->remaining' counter occurs during recovery. Specifically, when a read I/O operation fails, the recovery_request_write() function returns without issuing the corresponding write I/O, causing end_sync_request() to be called only once. This results in the 'remaining' counter not being properly decremented, leading to a resource leak and causing an I/O hang.
How can this vulnerability impact me? :
The vulnerability can cause an I/O hang in systems using RAID10 in the Linux kernel. This means that input/output operations may stall or freeze, potentially leading to degraded system performance, data access delays, or system instability during RAID10 recovery processes.