GHSA-J393-RH49-R5P6

Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

md/raid5-cache: fix a deadlock in r5l_exit_log()

Commit b13015af94cf ("md/raid5-cache: Clear conf->log after finishing work") introduce a new problem:

// caller hold reconfig_mutex r5l_exit_log flush_work(&log->disable_writeback_work) r5c_disable_writeback_async wait_event / * conf->log is not NULL, and mddev_trylock() * will fail, wait_event() can never pass. / conf->log = NULL

Fix this problem by setting 'config->log' to NULL before wake_up() as it used to be, so that wait_event() from r5c_disable_writeback_async() can exist. In the meantime, move forward md_unregister_thread() so that null-ptr-deref this commit fixed can still be fixed.

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-53848"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T16:17:25Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5-cache: fix a deadlock in r5l_exit_log()\n\nCommit b13015af94cf (\"md/raid5-cache: Clear conf-\u003elog after finishing\nwork\") introduce a new problem:\n\n// caller hold reconfig_mutex\nr5l_exit_log\n flush_work(\u0026log-\u003edisable_writeback_work)\n\t\t\tr5c_disable_writeback_async\n\t\t\t wait_event\n\t\t\t  /*\n\t\t\t   * conf-\u003elog is not NULL, and mddev_trylock()\n\t\t\t   * will fail, wait_event() can never pass.\n\t\t\t   */\n conf-\u003elog = NULL\n\nFix this problem by setting \u0027config-\u003elog\u0027 to NULL before wake_up() as it\nused to be, so that wait_event() from r5c_disable_writeback_async() can\nexist. In the meantime, move forward md_unregister_thread() so that\nnull-ptr-deref this commit fixed can still be fixed.",
  "id": "GHSA-j393-rh49-r5p6",
  "modified": "2025-12-09T18:30:33Z",
  "published": "2025-12-09T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53848"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/71cf23271f015a57038bdc4669952096f9fe5500"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a705b11b358dee677aad80630e7608b2d5f56691"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ac9e103f282a7854f3274ef5ff0742fbbe8d7d6b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c406984738215dc20ac2dc63e49d70f20797730e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.