Bug 2402268 (CVE-2023-53620) - CVE-2023-53620 kernel: md: fix soft lockup in status_resync
Summary: CVE-2023-53620 kernel: md: fix soft lockup in status_resync
Keywords:
Status: NEW
Alias: CVE-2023-53620
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-10-07 16:06 UTC by OSIDB Bzimport
Modified: 2025-10-15 07:12 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-10-07 16:06:32 UTC 
In the Linux kernel, the following vulnerability has been resolved:

md: fix soft lockup in status_resync

status_resync() will calculate 'curr_resync - recovery_active' to show
user a progress bar like following:

[============>........]  resync = 61.4%

'curr_resync' and 'recovery_active' is updated in md_do_sync(), and
status_resync() can read them concurrently, hence it's possible that
'curr_resync - recovery_active' can overflow to a huge number. In this
case status_resync() will be stuck in the loop to print a large amount
of '=', which will end up soft lockup.

Fix the problem by setting 'resync' to MD_RESYNC_ACTIVE in this case,
this way resync in progress will be reported to user.
Comment 1 Jon Moroney 2025-10-07 20:36:57 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025100709-CVE-2023-53620-3924@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.