CVE-2023-54317 (GCVE-0-2023-54317)
Vulnerability from cvelistv5 – Published: 2025-12-30 12:23 – Updated: 2025-12-30 12:23
VLAI?
Title
dm flakey: don't corrupt the zero page
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm flakey: don't corrupt the zero page
When we need to zero some range on a block device, the function
__blkdev_issue_zero_pages submits a write bio with the bio vector pointing
to the zero page. If we use dm-flakey with corrupt bio writes option, it
will corrupt the content of the zero page which results in crashes of
various userspace programs. Glibc assumes that memory returned by mmap is
zeroed and it uses it for calloc implementation; if the newly mapped
memory is not zeroed, calloc will return non-zeroed memory.
Fix this bug by testing if the page is equal to ZERO_PAGE(0) and
avoiding the corruption in this case.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
c6cd92fcabd6cc78bb1808c6a18245c842722fc1 , < b7f8892f672222dbfcc721f51edc03963212b249
(git)
Affected: d4c637af2e56ee1ec66ee34d0ac5a13c75911aec , < 98e311be44dbe31ad9c42aa067b2359bac451fda (git) Affected: a00f5276e26636cbf72f24f79831026d2e2868e7 , < 3c4a56ef7c538d16c1738ba0ccea9e7146105b5a (git) Affected: a00f5276e26636cbf72f24f79831026d2e2868e7 , < f2b478228bfdd11e358c5bc197561331f5d5c394 (git) Affected: a00f5276e26636cbf72f24f79831026d2e2868e7 , < ff60b2bb680ebcaf8890814dd51084a022891469 (git) Affected: a00f5276e26636cbf72f24f79831026d2e2868e7 , < be360c83f2d810493c04f999d69ec9152981e0c0 (git) Affected: a00f5276e26636cbf72f24f79831026d2e2868e7 , < 63d31617883d64b43b0e2d529f0751f40713ecae (git) Affected: a00f5276e26636cbf72f24f79831026d2e2868e7 , < f50714b57aecb6b3dc81d578e295f86d9c73f078 (git) Affected: 1ed7c9f45fb893877ffa7cedd7aa61beaadbb328 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-flakey.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b7f8892f672222dbfcc721f51edc03963212b249",
"status": "affected",
"version": "c6cd92fcabd6cc78bb1808c6a18245c842722fc1",
"versionType": "git"
},
{
"lessThan": "98e311be44dbe31ad9c42aa067b2359bac451fda",
"status": "affected",
"version": "d4c637af2e56ee1ec66ee34d0ac5a13c75911aec",
"versionType": "git"
},
{
"lessThan": "3c4a56ef7c538d16c1738ba0ccea9e7146105b5a",
"status": "affected",
"version": "a00f5276e26636cbf72f24f79831026d2e2868e7",
"versionType": "git"
},
{
"lessThan": "f2b478228bfdd11e358c5bc197561331f5d5c394",
"status": "affected",
"version": "a00f5276e26636cbf72f24f79831026d2e2868e7",
"versionType": "git"
},
{
"lessThan": "ff60b2bb680ebcaf8890814dd51084a022891469",
"status": "affected",
"version": "a00f5276e26636cbf72f24f79831026d2e2868e7",
"versionType": "git"
},
{
"lessThan": "be360c83f2d810493c04f999d69ec9152981e0c0",
"status": "affected",
"version": "a00f5276e26636cbf72f24f79831026d2e2868e7",
"versionType": "git"
},
{
"lessThan": "63d31617883d64b43b0e2d529f0751f40713ecae",
"status": "affected",
"version": "a00f5276e26636cbf72f24f79831026d2e2868e7",
"versionType": "git"
},
{
"lessThan": "f50714b57aecb6b3dc81d578e295f86d9c73f078",
"status": "affected",
"version": "a00f5276e26636cbf72f24f79831026d2e2868e7",
"versionType": "git"
},
{
"status": "affected",
"version": "1ed7c9f45fb893877ffa7cedd7aa61beaadbb328",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-flakey.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.173",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.99",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.308",
"versionStartIncluding": "4.14.158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.276",
"versionStartIncluding": "4.19.88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.235",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.173",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.99",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.16",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.3",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.206",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm flakey: don\u0027t corrupt the zero page\n\nWhen we need to zero some range on a block device, the function\n__blkdev_issue_zero_pages submits a write bio with the bio vector pointing\nto the zero page. If we use dm-flakey with corrupt bio writes option, it\nwill corrupt the content of the zero page which results in crashes of\nvarious userspace programs. Glibc assumes that memory returned by mmap is\nzeroed and it uses it for calloc implementation; if the newly mapped\nmemory is not zeroed, calloc will return non-zeroed memory.\n\nFix this bug by testing if the page is equal to ZERO_PAGE(0) and\navoiding the corruption in this case."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T12:23:47.232Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b7f8892f672222dbfcc721f51edc03963212b249"
},
{
"url": "https://git.kernel.org/stable/c/98e311be44dbe31ad9c42aa067b2359bac451fda"
},
{
"url": "https://git.kernel.org/stable/c/3c4a56ef7c538d16c1738ba0ccea9e7146105b5a"
},
{
"url": "https://git.kernel.org/stable/c/f2b478228bfdd11e358c5bc197561331f5d5c394"
},
{
"url": "https://git.kernel.org/stable/c/ff60b2bb680ebcaf8890814dd51084a022891469"
},
{
"url": "https://git.kernel.org/stable/c/be360c83f2d810493c04f999d69ec9152981e0c0"
},
{
"url": "https://git.kernel.org/stable/c/63d31617883d64b43b0e2d529f0751f40713ecae"
},
{
"url": "https://git.kernel.org/stable/c/f50714b57aecb6b3dc81d578e295f86d9c73f078"
}
],
"title": "dm flakey: don\u0027t corrupt the zero page",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-54317",
"datePublished": "2025-12-30T12:23:47.232Z",
"dateReserved": "2025-12-30T12:06:44.531Z",
"dateUpdated": "2025-12-30T12:23:47.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-54317\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:20.973\",\"lastModified\":\"2025-12-30T13:16:20.973\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndm flakey: don\u0027t corrupt the zero page\\n\\nWhen we need to zero some range on a block device, the function\\n__blkdev_issue_zero_pages submits a write bio with the bio vector pointing\\nto the zero page. If we use dm-flakey with corrupt bio writes option, it\\nwill corrupt the content of the zero page which results in crashes of\\nvarious userspace programs. Glibc assumes that memory returned by mmap is\\nzeroed and it uses it for calloc implementation; if the newly mapped\\nmemory is not zeroed, calloc will return non-zeroed memory.\\n\\nFix this bug by testing if the page is equal to ZERO_PAGE(0) and\\navoiding the corruption in this case.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3c4a56ef7c538d16c1738ba0ccea9e7146105b5a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/63d31617883d64b43b0e2d529f0751f40713ecae\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/98e311be44dbe31ad9c42aa067b2359bac451fda\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b7f8892f672222dbfcc721f51edc03963212b249\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/be360c83f2d810493c04f999d69ec9152981e0c0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f2b478228bfdd11e358c5bc197561331f5d5c394\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f50714b57aecb6b3dc81d578e295f86d9c73f078\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ff60b2bb680ebcaf8890814dd51084a022891469\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…