CVE-2023-53791
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

md: fix warning for holder mismatch from export_rdev()

Commit a1d767191096 ("md: use mddev->external to select holder in export_rdev()") fixed the problem that 'claim_rdev' is used for blkdev_get_by_dev() while 'rdev' is used for blkdev_put().

However, if mddev->external is changed from 0 to 1, then 'rdev' is used for blkdev_get_by_dev() while 'claim_rdev' is used for blkdev_put(). And this problem can be reproduced reliably by the following:

New file: mdadm/tests/23rdev-lifetime

    devname=${dev0##*/}
    devt=`cat /sys/block/$devname/dev`
    pid=""
    runtime=2

    # Stop the background loops and clear the array on exit.
    clean_up_test() {
        kill -9 $pid
        echo clear > /sys/block/md0/md/array_state
    }

    trap 'clean_up_test' EXIT

    # Repeatedly add the device to md0 through sysfs.
    add_by_sysfs() {
        while true; do
            echo $devt > /sys/block/md0/md/new_dev
        done
    }

    # Repeatedly remove the same device through sysfs.
    remove_by_sysfs(){
        while true; do
            echo remove > /sys/block/md0/md/dev-${devname}/state
        done
    }

    echo md0 > /sys/module/md_mod/parameters/new_array || die "create md0 failed"

    add_by_sysfs &
    pid="$pid $!"

    remove_by_sysfs &
    pid="$pid $!"

    sleep $runtime
    exit 0

Test cmd:

    ./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime

Test result:

    ------------[ cut here ]------------
    WARNING: CPU: 0 PID: 960 at block/bdev.c:618 blkdev_put+0x27c/0x330
    Modules linked in: multipath md_mod loop
    CPU: 0 PID: 960 Comm: test Not tainted 6.5.0-rc2-00121-g01e55c376936-dirty #50
    RIP: 0010:blkdev_put+0x27c/0x330
    Call Trace:
     <TASK>
     export_rdev.isra.23+0x50/0xa0 [md_mod]
     mddev_unlock+0x19d/0x300 [md_mod]
     rdev_attr_store+0xec/0x190 [md_mod]
     sysfs_kf_write+0x52/0x70
     kernfs_fop_write_iter+0x19a/0x2a0
     vfs_write+0x3b5/0x770
     ksys_write+0x74/0x150
     __x64_sys_write+0x22/0x30
     do_syscall_64+0x40/0x90
     entry_SYSCALL_64_after_hwframe+0x63/0xcd

Fix the problem by recording if 'rdev' is used as holder.

Meta Information
Published: 2025-12-09
Last Modified: 2025-12-09
Generated: 2026-05-07
AI Q&A: 2025-12-09
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 1 associated CPE

Vendor    Product         Version / Range
linux     linux_kernel    *

CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel's md (multiple device) subsystem involves a mismatch in how device holders are managed between functions export_rdev(), blkdev_get_by_dev(), and blkdev_put(). Specifically, when the mddev->external flag changes from 0 to 1, the code inconsistently uses 'rdev' and 'claim_rdev' as holders for device reference counting, leading to warnings and potential improper device handling. The issue was fixed by properly recording which holder ('rdev' or 'claim_rdev') is used to avoid mismatches.


How can this vulnerability impact me?

This vulnerability can cause warnings and potentially improper management of block device references in the Linux kernel's md subsystem. This could lead to unstable behavior or resource management issues when adding or removing devices from md arrays, possibly affecting system stability or data integrity during such operations.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by running the provided test script that reproduces the issue. The test creates a new md device and repeatedly adds and removes a device via sysfs, which triggers the warning. Run the test as follows:

    ./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime

Monitoring kernel logs for warnings related to blkdev_put and export_rdev in the md_mod module can also indicate the presence of this issue.
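
The log check described above, as an added example that is not part of the original advisory or of the kernel project's code: it scans kernel log text for a WARNING raised in blkdev_put() whose call trace passes through export_rdev() in md_mod. The function names find_holder_mismatch and sample_log are hypothetical, and the timestamps and the second, unrelated warning in the sample are constructed.

```shell
#!/bin/sh
# Added example: report md holder-mismatch warnings found in kernel log text.
# Reads log text on stdin (e.g. `dmesg | find_holder_mismatch`), prints each
# matching WARNING line, and returns 0 if any was found, 1 otherwise.
find_holder_mismatch() {
    awk '
    # Close the current warning block and report it if it matches.
    function close_block() {
        if (in_block && warn != "" && via_export) { hits++; print warn }
        in_block = 0; warn = ""; via_export = 0
    }
    # A new "cut here" marker also ends a block whose end marker was lost.
    /-+\[ cut here \]-+/ { close_block(); in_block = 1; next }
    /---\[ end trace/    { close_block(); next }
    # The warning must fire inside blkdev_put() ...
    in_block && /WARNING:/ && /blkdev_put\+0x/ {
        warn = $0
        sub(/^\[ *[0-9]+\.[0-9]+\] */, "", warn)   # drop dmesg timestamp
    }
    # ... and be reached from export_rdev() in md_mod; the compiler may
    # append a suffix such as ".isra.23" to the symbol name.
    in_block && /export_rdev[.A-Za-z0-9_]*\+0x[0-9a-f]+\/0x[0-9a-f]+ \[md_mod\]/ {
        via_export = 1
    }
    END { close_block(); exit (hits > 0 ? 0 : 1) }
    '
}

# Sample input: the trace from the description with constructed timestamps,
# followed by a constructed, unrelated warning that must not match.
sample_log() {
    cat <<'EOF'
[  101.000001] ------------[ cut here ]------------
[  101.000002] WARNING: CPU: 0 PID: 960 at block/bdev.c:618 blkdev_put+0x27c/0x330
[  101.000003] Modules linked in: multipath md_mod loop
[  101.000004] Call Trace:
[  101.000005]  <TASK>
[  101.000006]  export_rdev.isra.23+0x50/0xa0 [md_mod]
[  101.000007]  mddev_unlock+0x19d/0x300 [md_mod]
[  101.000008] ------------[ cut here ]------------
[  102.000001] WARNING: CPU: 1 PID: 42 at example/file.c:10 example_fn+0x10/0x20
[  102.000002] Call Trace:
[  102.000003]  example_caller+0x5/0x9 [example_mod]
[  102.000004] ---[ end trace 0000000000000000 ]---
EOF
}

sample_log | find_holder_mismatch
```

Requiring both the blkdev_put() warning and the export_rdev() frame in the same block keeps unrelated block-layer warnings out of the result.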


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to apply the fix that records if 'rdev' is used as holder, which resolves the mismatch warning. Until the fix is applied, avoid changing mddev->external from 0 to 1 to prevent triggering the issue. Monitoring kernel logs for related warnings can help identify if the problem occurs.

