{"id":"CVE-2023-53481","summary":"ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed\n\nFollowing process will trigger an infinite loop in ubi_wl_put_peb():\n\n\tubifs_bgt\t\tubi_bgt\nubifs_leb_unmap\n  ubi_leb_unmap\n    ubi_eba_unmap_leb\n      ubi_wl_put_peb\twear_leveling_worker\n                          e1 = rb_entry(rb_first(&ubi-\u003eused)\n\t\t\t  e2 = get_peb_for_wl(ubi)\n\t\t\t  ubi_io_read_vid_hdr  // return err (flash fault)\n\t\t\t  out_error:\n\t\t\t    ubi-\u003emove_from = ubi-\u003emove_to = NULL\n\t\t\t    wl_entry_destroy(ubi, e1)\n\t\t\t      ubi-\u003elookuptbl[e-\u003epnum] = NULL\n      retry:\n        e = ubi-\u003elookuptbl[pnum];\t// return NULL\n\tif (e == ubi-\u003emove_from) {\t// NULL == NULL gets true\n\t  goto retry;\t\t\t// infinite loop !!!\n\n$ top\n  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     COMMAND\n  7676 root     20   0       0      0      0 R 100.0  0.0  ubifs_bgt0_0\n\nFix it by:\n 1) Letting ubi_wl_put_peb() returns directly if wearl leveling entry has\n    been removed from 'ubi-\u003elookuptbl'.\n 2) Using 'ubi-\u003ewl_lock' protecting wl entry deletion to preventing an\n    use-after-free problem for wl entry in ubi_wl_put_peb().\n\nFetch a reproducer in [Link].","modified":"2026-04-02T09:44:17.069528Z","published":"2025-10-01T11:42:49.825Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53481.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3afaaf6f5867dc4ad383808d4053f428ec7b867d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4d57a7333e26040f2b583983e1970d9d460e56b0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5af1c643184a5d09ff5b3f334077a4d0a163c677"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8a18856e074479bd050b01e688c58defadce7ab0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b40d2fbf47af58377e898b5062077a47bb28a132"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b5be23f6ae610bdb262160a1f294afee6d0e6a69"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cc4bc532acda66189bddc03b3fe1ad689d9a48a2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f006f596fe851c3b6aae60b79f89f89f0e515d2f"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53481.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53481"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"43f9b25a9cdd7b177f77f026b1461abd1abbd174"},{"fixed":"b40d2fbf47af58377e898b5062077a47bb28a132"},{"fixed":"f006f596fe851c3b6aae60b79f89f89f0e515d2f"},{"fixed":"b5be23f6ae610bdb262160a1f294afee6d0e6a69"},{"fixed":"8a18856e074479bd050b01e688c58defadce7ab0"},{"fixed":"3afaaf6f5867dc4ad383808d4053f428ec7b867d"},{"fixed":"cc4bc532acda66189bddc03b3fe1ad689d9a48a2"},{"fixed":"5af1c643184a5d09ff5b3f334077a4d0a163c677"},{"fixed":"4d57a7333e26040f2b583983e1970d9d460e56b0"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53481.json"}}],"schema_version":"1.7.5"}