SB2025050448 - NULL pointer dereference in Linux kernel md driver

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2023-53044)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the alloc_dev() function in drivers/md/dm.c, within the dm_stat_in_flight() and dm_stats_init() functions in drivers/md/dm-stats.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/0d96bd507ed7e7d565b6d53ebd3874686f123b2e
• https://git.kernel.org/stable/c/2287d7b721471a3d58bcd829250336e3cdf1635e
• https://git.kernel.org/stable/c/443c9d522397511a4328dc2ec3c9c63c73049756
• https://git.kernel.org/stable/c/4a32a9a818a895671bd43e0c40351e60e4e9140b
• https://git.kernel.org/stable/c/5b66e36a3efd24041b7374432bfa4dec2ff01e95
• https://git.kernel.org/stable/c/a42180dd361584816bfe15c137b665699b994d90
• https://git.kernel.org/stable/c/c68f08cc745675a17894e1b4a5b5b9700ace6da4
• https://git.kernel.org/stable/c/d3aa3e060c4a80827eb801fc448debc9daa7c46b
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.312
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.280
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.177
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.105
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.240
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.22
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3