Improper Memory Management in Linux Kernel's md Component
CVE-2023-53665

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 7 October 2025

What is CVE-2023-53665?

The vulnerability in the Linux kernel's md component arises from improper handling of memory references. Specifically, after the execution of the export_rdev() function, the associated mddev object may become invalid if the last reference is freed. This can lead to potential system crashes and undefined behavior, as dereferencing an invalid memory address can trigger general protection faults. Addressing this issue requires ensuring that mddev is not referenced after export_rdev() has been called, thus maintaining system integrity and preventing unexpected failures.

Affected Version(s)

Linux 3ce94ce5d05ae89190a23f6187f64d8f4b2d3782

Linux 3ce94ce5d05ae89190a23f6187f64d8f4b2d3782 < 7deac114be5fb25a4e865212ed0feaf5f85f2a28

Linux 6.5

References

https://git.kernel.org/stable/c/ad430ad0669d2757377373390...

https://git.kernel.org/stable/c/7deac114be5fb25a4e865212e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2025
Vulnerability Reserved
Oct 7, 2025

JSON