PT-2025-37652 · Linux+5 · Linux Kernel+5

Published

2023-08-15

·

Updated

2026-04-14

·

CVE-2023-53210

CVSS v2.0

6.0

Medium

VectorAV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A null-pointer dereference issue was identified in the r5l flush stripe to raid() function within the md/raid5-cache module of the Linux kernel. The issue occurs because the flushing ios list is cleared before the associated bio structure is cleared, leading to a potential null-pointer dereference when a new flush I/O is submitted. Specifically, the r5l log flush endio() function clears the list first and then clears the bio, which can cause a null-pointer dereference when submit bio is called. The sequence involves submitting a flush I/O, handling active stripes, adding an io end ios to the list, initializing a bio, submitting the bio, and then, in a separate thread, clearing the list and bio before a new flush I/O is submitted.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-366CWE-476

Related Identifiers

ALSA-2025_16880
BDU:2026-02053
CESA-2024_3138
CVE-2023-53210
RHSA-2024:2394
RHSA-2024:3138
RHSA-2024_2394
RHSA-2024_3138
SUSE-SU-2025:03600-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:3761-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1

Affected Products

Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Suse