CVE-2023-53620
BaseFortify
Publication date: 2025-10-07
Last updated on: 2026-02-05
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-667 | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's md (multiple device, software RAID) subsystem. status_resync() in drivers/md/md.c, which is called when /proc/mdstat is read, computes the resync progress as 'curr_resync - recovery_active'. The two values are updated on different paths ('curr_resync' by md_do_sync(), 'recovery_active' by md_done_sync() as I/O completes) without a lock ordering them, so a reader can observe 'recovery_active' larger than 'curr_resync'. Because 'curr_resync' is an unsigned sector_t, the subtraction then wraps to a value close to 2^64 rather than going negative. That value feeds the progress-bar calculation, which turns it into a huge count of '=' characters, and the loop printing them runs long enough to trigger a soft lockup (the CPU appears to hang). The fix checks for the wrap (or a result that would collide with the MD_RESYNC_* status codes) and sets the progress value to the constant MD_RESYNC_ACTIVE in that case, so the status is reported as an active resync with no bogus sector count, and the loop never runs away.
How can this vulnerability impact me?
This is an availability issue. While an md array is resyncing, recovering or reshaping, a read of /proc/mdstat that hits the race can cause a soft lockup on the CPU servicing the read, so the system may hang or become unresponsive and the kernel will log soft-lockup warnings. Monitoring tools that poll /proc/mdstat during a resync are the most likely source of hits. The resync progress shown at that moment is also wrong. No data loss or privilege escalation is involved.
What immediate steps should I take to mitigate this vulnerability?
Update to a Linux kernel that carries the fix to status_resync() (the commit titled "md: fix soft lockup in status_resync"), or apply the patch to your own kernel build. The fix detects the wrapped subtraction and reports MD_RESYNC_ACTIVE instead, which removes the runaway loop. Until the kernel is updated, note that the window exists only while an array is actively resyncing and that the trigger is a read of /proc/mdstat, so reducing how often status is polled during a resync lowers the chance of hitting the race.
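The race described in the answers above, as an added example that is not the kernel's own code: a small C model of the progress arithmetic in status_resync(), with the pre-fix subtraction beside the fixed clamp, and the scaling that turns the progress value into the number of '=' characters the /proc/mdstat bar loop prints. The identifiers (sector_t, curr_resync, recovery_active, the MD_RESYNC_* enum) mirror the kernel's names; the snapshot values are constructed, and the model covers only the active-resync branch of the real function.

```c
/*
 * Added example, not the kernel's own code. It models the progress
 * arithmetic of status_resync() in drivers/md/md.c around CVE-2023-53620:
 * the pre-fix subtraction 'curr_resync - recovery_active' and the fixed
 * version that clamps to MD_RESYNC_ACTIVE when the subtraction would wrap.
 * The snapshots below are constructed values, not captured from a machine.
 */
#include <stdint.h>
#include <stdio.h>

typedef uint64_t sector_t;          /* unsigned 64-bit, as in the kernel */

/* Kernel's enum md_resync: values below MD_RESYNC_ACTIVE are status codes,
 * not sector counts, so a real progress value must be >= MD_RESYNC_ACTIVE. */
enum md_resync {
	MD_RESYNC_NONE = 0,
	MD_RESYNC_YIELDED = 1,
	MD_RESYNC_DELAYED = 2,
	MD_RESYNC_ACTIVE = 3,
};

/* The two racing counters as status_resync() might read them (constructed). */
struct md_snapshot {
	sector_t max_sectors;         /* size of the array being resynced */
	sector_t curr_resync;         /* written by md_do_sync() */
	unsigned int recovery_active; /* adjusted by md_done_sync() on I/O completion */
};

/* Pre-fix: a plain subtraction. If md_done_sync() has not yet caught up
 * with curr_resync, recovery_active > curr_resync and the unsigned
 * subtraction wraps to a value near 2^64. */
sector_t resync_progress_vulnerable(const struct md_snapshot *s)
{
	sector_t resync = s->curr_resync;

	if (resync > s->max_sectors)
		return s->max_sectors;
	return resync - s->recovery_active;
}

/* Fixed: detect the wrap (or a result that would collide with the status
 * codes) and report MD_RESYNC_ACTIVE instead of a bogus sector count. */
sector_t resync_progress_fixed(const struct md_snapshot *s)
{
	sector_t resync = s->curr_resync;
	sector_t active = s->recovery_active;

	if (resync > s->max_sectors)
		return s->max_sectors;
	if (resync < active || resync - active < MD_RESYNC_ACTIVE)
		return MD_RESYNC_ACTIVE;
	return resync - active;
}

/* Number of '=' characters the /proc/mdstat bar loop emits for a given
 * progress value, following the kernel's scaling: per_milli is an
 * unsigned int, the bar is 20 cells wide, and x = per_milli / 50. A
 * healthy value is 0..20; anything larger is the runaway loop. */
unsigned int bar_equals(sector_t resync, sector_t max_sectors)
{
	int scale = 10;
	sector_t res;
	unsigned int per_milli;

	while (max_sectors / 2 > (1ULL << (scale + 32)))
		scale++;
	res = (resync >> scale) * 1000;
	res /= (uint32_t)((max_sectors >> scale) + 1);
	per_milli = (unsigned int)res;   /* kernel truncates to unsigned int here too */
	return per_milli / 50;
}

int main(void)
{
	/* Racing read: md_do_sync() has published curr_resync = 4096 while
	 * 8192 sectors are still counted as in flight (constructed). */
	struct md_snapshot racing = { .max_sectors = 1ULL << 21,
				      .curr_resync = 4096, .recovery_active = 8192 };
	/* Quiet read: no wrap, both versions agree (constructed). */
	struct md_snapshot quiet = { .max_sectors = 1ULL << 21,
				     .curr_resync = 1ULL << 20, .recovery_active = 8192 };

	printf("vulnerable: progress=%llu equals=%u\n",
	       (unsigned long long)resync_progress_vulnerable(&racing),
	       bar_equals(resync_progress_vulnerable(&racing), racing.max_sectors));
	printf("fixed:      progress=%llu equals=%u\n",
	       (unsigned long long)resync_progress_fixed(&racing),
	       bar_equals(resync_progress_fixed(&racing), racing.max_sectors));
	printf("quiet:      equals=%u\n",
	       bar_equals(resync_progress_fixed(&quiet), quiet.max_sectors));
	return 0;
}
```

With the racing snapshot the pre-fix path yields a progress value of 2^64 - 4096 and tens of millions of '=' characters, which is the loop that trips the soft-lockup watchdog; the fixed path returns MD_RESYNC_ACTIVE and prints an empty bar. On a quiet read both paths agree, which is why the bug only shows up under concurrent completion traffic.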