Block Device Zeroing Vulnerability in Linux Kernel Affecting Various Userspace Programs
CVE-2023-54317
What is CVE-2023-54317?
A vulnerability in the Linux kernel allows the zero page to be corrupted when the dm-flakey module is used with corrupt bio writes. This leads to inconsistencies in memory management: memory returned by mmap may not be zeroed as expected, causing the calloc function to return non-zeroed memory. As a result, multiple userspace applications that rely on the assumption that zero pages remain unaltered can crash. To mitigate this issue, a fix was implemented to verify the legitimacy of the zero page before any operations are performed, thereby ensuring stability in memory allocation.
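A userspace check for the symptom described above, added here as an example (it is not code from the kernel fix or from this advisory): it maps fresh anonymous memory read-only and confirms that every byte reads as zero. The function names are hypothetical, and the check assumes that Linux serves read faults on untouched private anonymous memory from the shared zero page.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS and madvise() */
#endif
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Offset of the first nonzero byte in buf, or -1 if every byte is zero. */
long first_nonzero(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            return (long)i;
    return -1;
}

/*
 * Map `pages` pages of fresh anonymous memory read-only and scan them.
 * Assumption: the read faults are served by the shared zero page.
 * Returns -1 if clean, -2 on setup failure, else the first nonzero offset.
 */
long check_fresh_mapping(size_t pages)
{
    long psz = sysconf(_SC_PAGESIZE);
    if (psz <= 0 || pages == 0)
        return -2;
    size_t len = pages * (size_t)psz;
    unsigned char *p = mmap(NULL, len, PROT_READ,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -2;
#ifdef MADV_NOHUGEPAGE
    /* Keep base pages so reads hit the small zero page, not the huge one. */
    (void)madvise(p, len, MADV_NOHUGEPAGE);
#endif
    long off = first_nonzero(p, len);
    munmap(p, len);
    return off;
}

int main(void)
{
    long off = check_fresh_mapping(64);
    if (off == -2) { perror("mmap"); return 2; }
    if (off >= 0) { printf("nonzero byte at offset %ld\n", off); return 1; }
    puts("fresh anonymous mapping reads as zero");
    return 0;
}
```

A clean result only describes the zero page at the moment of the check; it does not show that the running kernel contains the fix.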
Affected Version(s)
Linux c6cd92fcabd6cc78bb1808c6a18245c842722fc1
Linux d4c637af2e56ee1ec66ee34d0ac5a13c75911aec < 98e311be44dbe31ad9c42aa067b2359bac451fda
Linux a00f5276e26636cbf72f24f79831026d2e2868e7 < 3c4a56ef7c538d16c1738ba0ccea9e7146105b5a