{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53210","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-15T13:59:19.069Z","datePublished":"2025-09-15T14:21:38.534Z","dateUpdated":"2026-05-11T19:40:24.649Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:40:24.649Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid()\n\nr5l_flush_stripe_to_raid() will check if the list 'flushing_ios' is\nempty, and then submit 'flush_bio', however, r5l_log_flush_endio()\nis clearing the list first and then clear the bio, which will cause\nnull-ptr-deref:\n\nT1: submit flush io\nraid5d\n handle_active_stripes\n  r5l_flush_stripe_to_raid\n   // list is empty\n   // add 'io_end_ios' to the list\n   bio_init\n   submit_bio\n   // io1\n\nT2: io1 is done\nr5l_log_flush_endio\n list_splice_tail_init\n // clear the list\n\t\t\tT3: submit new flush io\n\t\t\t...\n\t\t\tr5l_flush_stripe_to_raid\n\t\t\t // list is empty\n\t\t\t // add 'io_end_ios' to the list\n\t\t\t bio_init\n bio_uninit\n // clear bio->bi_blkg\n\t\t\t submit_bio\n\t\t\t // null-ptr-deref\n\nFix this problem by clearing bio before clearing the list in\nr5l_log_flush_endio()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/md/raid5-cache.c"],"versions":[{"version":"0dd00cba99c352dc9afd62979f350d808c215cb9","lessThan":"711fb92606208a8626b785da4f9f23d648a5b6c8","status":"affected","versionType":"git"},{"version":"0dd00cba99c352dc9afd62979f350d808c215cb9","lessThan":"7a8b6d93991bf4b72b3f959baea35397c6c8e521","status":"affected","versionType":"git"},{"version":"0dd00cba99c352dc9afd62979f350d808c215cb9","lessThan":"e46b2e7be8059d156af8c011dd8d665229b65886","status":"affected","versionType":"git"},{"version":"0dd00cba99c352dc9afd62979f350d808c215cb9","lessThan":"0d0bd28c500173bfca78aa840f8f36d261ef1765","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/md/raid5-cache.c"],"versions":[{"version":"5.18","status":"affected"},{"version":"0","lessThan":"5.18","status":"unaffected","versionType":"semver"},{"version":"6.1.53","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.4.16","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5.3","lessThanOrEqual":"6.5.*","status":"unaffected","versionType":"semver"},{"version":"6.6","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.1.53"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.4.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.5.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/711fb92606208a8626b785da4f9f23d648a5b6c8"},{"url":"https://git.kernel.org/stable/c/7a8b6d93991bf4b72b3f959baea35397c6c8e521"},{"url":"https://git.kernel.org/stable/c/e46b2e7be8059d156af8c011dd8d665229b65886"},{"url":"https://git.kernel.org/stable/c/0d0bd28c500173bfca78aa840f8f36d261ef1765"}],"title":"md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-53210","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-01-14T17:48:25.419997Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T17:52:57.015Z"}}]}}