{"id":"CVE-2023-53832","summary":"md/raid10: fix null-ptr-deref in raid10_sync_request","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix null-ptr-deref in raid10_sync_request\n\ninit_resync() inits mempool and sets conf-\u003ehave_replacemnt at the beginning\nof sync, close_sync() frees the mempool when sync is completed.\n\nAfter [1] recovery might be skipped and init_resync() is called but\nclose_sync() is not. null-ptr-deref occurs with r10bio-\u003edev[i].repl_bio.\n\nThe following is one way to reproduce the issue.\n\n  1) create a array, wait for resync to complete, mddev-\u003erecovery_cp is set\n     to MaxSector.\n  2) recovery is woken and it is skipped. conf-\u003ehave_replacement is set to\n     0 in init_resync(). close_sync() not called.\n  3) some io errors and rdev A is set to WantReplacement.\n  4) a new device is added and set to A's replacement.\n  5) recovery is woken, A have replacement, but conf-\u003ehave_replacemnt is\n     0. r10bio-\u003edev[i].repl_bio will not be alloced and null-ptr-deref\n     occurs.\n\nFix it by not calling init_resync() if recovery skipped.\n\n[1] commit 7e83ccbecd60 (\"md/raid10: Allow skipping recovery when clean arrays are assembled\")","modified":"2026-04-02T09:45:22.727558Z","published":"2025-12-09T01:29:47.513Z","related":["SUSE-SU-2026:0263-1","SUSE-SU-2026:0316-1","SUSE-SU-2026:0317-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0617-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53832.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/14964127be77884003976a392c9faa9ebaabbbe1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/38d33593260536840b49fd1dcac9aedfd14a9d42"},{"type":"WEB","url":"https://git.kernel.org/stable/c/68695084077e3de9d3e94e09238ace2b6f246446"},{"type":"WEB","url":"https://git.kernel.org/stable/c/99b503e4edc5938885d839cf0e7571963f75d800"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9e9efc77efd1956cc244af975240f2513d78a371"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a405c6f0229526160aa3f177f65e20c86fce84c5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b50fd1c3d9d0175aa29ff2706ef36cc178bc356a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bdbf104b1c91fbf38f82c522ebf75429f094292a"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53832.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53832"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7e83ccbecd608b971f340e951c9e84cd0343002f"},{"fixed":"38d33593260536840b49fd1dcac9aedfd14a9d42"},{"fixed":"14964127be77884003976a392c9faa9ebaabbbe1"},{"fixed":"bdbf104b1c91fbf38f82c522ebf75429f094292a"},{"fixed":"68695084077e3de9d3e94e09238ace2b6f246446"},{"fixed":"b50fd1c3d9d0175aa29ff2706ef36cc178bc356a"},{"fixed":"99b503e4edc5938885d839cf0e7571963f75d800"},{"fixed":"9e9efc77efd1956cc244af975240f2513d78a371"},{"fixed":"a405c6f0229526160aa3f177f65e20c86fce84c5"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53832.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.10.0"},{"fixed":"4.19.283"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.243"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.180"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.111"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.28"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.2.15"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.3.0"},{"fixed":"6.3.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53832.json"}}],"schema_version":"1.7.5"}