md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
CVE-2023-53380

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 September 2025

What is CVE-2023-53380?

In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request

There are two check of 'mreplace' in raid10_sync_request(). In the first check, 'need_replace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists, In the second check, 'mreplace' will be set to NULL if it is Faulty, but 'need_replace' will not be changed accordingly. null-ptr-deref occurs if Faulty is set between two check.

Fix it by merging two checks into one. And replace 'need_replace' with 'mreplace' because their values are always the same.

Affected Version(s)

Linux ee37d7314a32ab6809eacc3389bad0406c69a81f < 45fa023b3334a7ae6f6c4eb977295804222dfa28

Linux ee37d7314a32ab6809eacc3389bad0406c69a81f < 2990e2ece18dd4cca71b3109c80517ad94adb065

Linux ee37d7314a32ab6809eacc3389bad0406c69a81f

References

https://git.kernel.org/stable/c/45fa023b3334a7ae6f6c4eb97...
https://git.kernel.org/stable/c/2990e2ece18dd4cca71b3109c...
https://git.kernel.org/stable/c/f4368a462b1f9a8ecc2fdb09a...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-53380 : Null Pointer Dereference in Linux Kernel RAID10 Functionality