{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53832","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-09T01:27:17.825Z","datePublished":"2025-12-09T01:29:47.513Z","dateUpdated":"2026-05-11T19:52:23.953Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:52:23.953Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix null-ptr-deref in raid10_sync_request\n\ninit_resync() inits mempool and sets conf->have_replacemnt at the beginning\nof sync, close_sync() frees the mempool when sync is completed.\n\nAfter [1] recovery might be skipped and init_resync() is called but\nclose_sync() is not. null-ptr-deref occurs with r10bio->dev[i].repl_bio.\n\nThe following is one way to reproduce the issue.\n\n  1) create a array, wait for resync to complete, mddev->recovery_cp is set\n     to MaxSector.\n  2) recovery is woken and it is skipped. conf->have_replacement is set to\n     0 in init_resync(). close_sync() not called.\n  3) some io errors and rdev A is set to WantReplacement.\n  4) a new device is added and set to A's replacement.\n  5) recovery is woken, A have replacement, but conf->have_replacemnt is\n     0. r10bio->dev[i].repl_bio will not be alloced and null-ptr-deref\n     occurs.\n\nFix it by not calling init_resync() if recovery skipped.\n\n[1] commit 7e83ccbecd60 (\"md/raid10: Allow skipping recovery when clean arrays are assembled\")"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/md/raid10.c"],"versions":[{"version":"7e83ccbecd608b971f340e951c9e84cd0343002f","lessThan":"38d33593260536840b49fd1dcac9aedfd14a9d42","status":"affected","versionType":"git"},{"version":"7e83ccbecd608b971f340e951c9e84cd0343002f","lessThan":"14964127be77884003976a392c9faa9ebaabbbe1","status":"affected","versionType":"git"},{"version":"7e83ccbecd608b971f340e951c9e84cd0343002f","lessThan":"bdbf104b1c91fbf38f82c522ebf75429f094292a","status":"affected","versionType":"git"},{"version":"7e83ccbecd608b971f340e951c9e84cd0343002f","lessThan":"68695084077e3de9d3e94e09238ace2b6f246446","status":"affected","versionType":"git"},{"version":"7e83ccbecd608b971f340e951c9e84cd0343002f","lessThan":"b50fd1c3d9d0175aa29ff2706ef36cc178bc356a","status":"affected","versionType":"git"},{"version":"7e83ccbecd608b971f340e951c9e84cd0343002f","lessThan":"99b503e4edc5938885d839cf0e7571963f75d800","status":"affected","versionType":"git"},{"version":"7e83ccbecd608b971f340e951c9e84cd0343002f","lessThan":"9e9efc77efd1956cc244af975240f2513d78a371","status":"affected","versionType":"git"},{"version":"7e83ccbecd608b971f340e951c9e84cd0343002f","lessThan":"a405c6f0229526160aa3f177f65e20c86fce84c5","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/md/raid10.c"],"versions":[{"version":"3.10","status":"affected"},{"version":"0","lessThan":"3.10","status":"unaffected","versionType":"semver"},{"version":"4.19.283","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.243","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.180","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.111","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.28","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.15","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3.2","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"4.19.283"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.4.243"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.10.180"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.15.111"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"6.1.28"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"6.2.15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"6.3.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"6.4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/38d33593260536840b49fd1dcac9aedfd14a9d42"},{"url":"https://git.kernel.org/stable/c/14964127be77884003976a392c9faa9ebaabbbe1"},{"url":"https://git.kernel.org/stable/c/bdbf104b1c91fbf38f82c522ebf75429f094292a"},{"url":"https://git.kernel.org/stable/c/68695084077e3de9d3e94e09238ace2b6f246446"},{"url":"https://git.kernel.org/stable/c/b50fd1c3d9d0175aa29ff2706ef36cc178bc356a"},{"url":"https://git.kernel.org/stable/c/99b503e4edc5938885d839cf0e7571963f75d800"},{"url":"https://git.kernel.org/stable/c/9e9efc77efd1956cc244af975240f2513d78a371"},{"url":"https://git.kernel.org/stable/c/a405c6f0229526160aa3f177f65e20c86fce84c5"}],"title":"md/raid10: fix null-ptr-deref in raid10_sync_request","x_generator":{"engine":"bippy-1.2.0"}}}}