PT-2025-49723 · Linux+2 · Linux Kernel+2

Published

2025-12-09

·

Updated

2026-02-24

·

CVE-2023-53832

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw exists in the Linux kernel's md/raid10 component, specifically within the raid10 sync request function. The issue involves a null pointer dereference that can occur when recovery is skipped and init resync() is called, but close sync() is not. This can happen after an array resynchronization completes, leading to a scenario where r10bio->dev[i].repl bio is accessed without being allocated, resulting in a null pointer dereference. The root cause is related to the handling of device replacement during recovery processes.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2023-53832
OESA-2026-1231
RHSA-2023:6583
RHSA-2023:7077
RHSA-2023:7539
SUSE-SU-2026:0263-1
SUSE-SU-2026:0316-1
SUSE-SU-2026:0317-1
SUSE-SU-2026:0411-1
SUSE-SU-2026:0617-1

Affected Products

Centos
Linux Kernel
Red Hat