CVE-2023-53786
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a crash in the Linux kernel's device mapper 'flakey' target caused by a NULL pointer dereference when an invalid table line is used. Specifically, the crash occurs if the argument name (arg_name) is NULL and is not checked before comparison, leading to a kernel crash.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash, leading to a denial of service on affected systems using the 'flakey' device mapper target with invalid table lines. This could disrupt system availability and stability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to run the provided command that triggers the crash: dmsetup create flakey --table "0 `blockdev --getsize /dev/ram0` flakey /dev/ram0 0 0 1 2 corrupt_bio_byte 512". If the system crashes with a NULL pointer dereference, it indicates the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid running the vulnerable dmsetup command with the specified table line until the system is patched. Apply the fix that checks if arg_name is non-NULL before comparing it, which resolves the crash.