Linux Kernel Slab-out-of-Bounds Vulnerability in RAID10 Implementation
CVE-2023-53357

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 17 September 2025

What is CVE-2023-53357?

A vulnerability in the Linux kernel's RAID10 implementation affects the md_bitmap_get_counter function and could be exploited by an attacker. When a large value is written to md/bitmap_set_bits, a slab-out-of-bounds access can occur because of improper error handling in md_bitmap_get_counter: the function does not check whether the page exceeds the allocated bitmap pages, so it risks operating on memory outside the allocation, potentially leading to system instability and security concerns.
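The missing check can be illustrated with a user-space model of a paged counter lookup. This is an added example, not kernel code or the upstream patch; the struct, function names and the 2048-counters-per-page size are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* User-space model only: every name and size here is hypothetical. */
#define COUNTERS_PER_PAGE 2048u /* constructed value */

struct counter_page { uint16_t counters[COUNTERS_PER_PAGE]; };

struct counter_table {
    struct counter_page *page_arr; /* array holding `pages` entries */
    size_t pages;                  /* number of allocated pages */
};

/* Unchecked form: assumes `chunk` always maps to an allocated page.
 * A large chunk number yields a pointer outside page_arr. */
uint16_t *get_counter_unchecked(struct counter_table *t, uint64_t chunk)
{
    size_t page = (size_t)(chunk / COUNTERS_PER_PAGE);
    return &t->page_arr[page].counters[chunk % COUNTERS_PER_PAGE];
}

/* Checked form: rejects a page index beyond the allocation. */
uint16_t *get_counter_checked(struct counter_table *t, uint64_t chunk)
{
    uint64_t page = chunk / COUNTERS_PER_PAGE;
    if (page >= t->pages)
        return NULL; /* caller must handle "no such counter" */
    return &t->page_arr[page].counters[chunk % COUNTERS_PER_PAGE];
}

/* Models a "set bits" request for one chunk: 0 on success, -1 if rejected. */
int set_chunk(struct counter_table *t, uint64_t chunk)
{
    uint16_t *c = get_counter_checked(t, chunk);
    if (!c)
        return -1;
    *c |= 1;
    return 0;
}

struct counter_table *table_new(size_t pages)
{
    struct counter_table *t = malloc(sizeof(*t));
    if (!t)
        return NULL;
    t->page_arr = calloc(pages, sizeof(struct counter_page));
    if (!t->page_arr) { free(t); return NULL; }
    t->pages = pages;
    return t;
}
```

The checked lookup returns NULL instead of a pointer, so every caller has to test the result before writing through it.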

Affected Version(s)

Linux ef4256733506f2459a0c436b62267d22a3f0cec6 < 374fb914304d9b500721007f3837ea8f1f9a2418

Linux ef4256733506f2459a0c436b62267d22a3f0cec6

Linux ef4256733506f2459a0c436b62267d22a3f0cec6 < 39fa14e824acfd470db4f42c354297456bd82b53

Timeline

  • Vulnerability published

  • Vulnerability Reserved
