PT-2025-41064 · Linux+4 · Linux Kernel+4

Published 2023-04-13 · Updated 2026-04-20 · CVE-2023-53620

CVSS v3.1

5.5 Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel has a flaw in the md (Multiple Devices) subsystem. Specifically, the status_resync() function can experience a soft lockup during the calculation of 'curr_resync - recovery_active' when displaying a progress bar. This occurs because curr_resync and recovery_active are updated in md_do_sync() and read concurrently by status_resync(), potentially causing an overflow that results in the function getting stuck in a loop. The issue is resolved by setting resync to MD_RESYNC_ACTIVE in such cases, ensuring accurate progress reporting.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Improper Resource Release

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
AZL-76641
BDU:2026-01462
CESA-2023_7077
CVE-2023-53620
RHSA-2023:6583
RHSA-2023:7077
RHSA-2023:7539
RHSA-2023_6583
RHSA-2023_7077
SUSE-SU-2025:4189-1

Affected Products

CentOS
Debian
Linux Kernel
Red Hat
SUSE