2405756 – (CVE-2023-53722) CVE-2023-53722 kernel: md: raid1: fix potential OOB in raid1_remove_disk()

Bug 2405756 (CVE-2023-53722) - CVE-2023-53722 kernel: md: raid1: fix potential OOB in raid1_remove_disk()

Summary: CVE-2023-53722 kernel: md: raid1: fix potential OOB in raid1_remove_disk()

Keywords:
Status:	NEW
Alias:	CVE-2023-53722
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-22 14:04 UTC by OSIDB Bzimport
Modified:	2025-10-29 10:15 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-22 14:04:48 UTC

In the Linux kernel, the following vulnerability has been resolved:

md: raid1: fix potential OOB in raid1_remove_disk()

If rddev->raid_disk is greater than mddev->raid_disks, there will be
an out-of-bounds in raid1_remove_disk(). We have already found
similar reports as follows:

1) commit d17f744e883b ("md-raid10: fix KASAN warning")
2) commit 1ebc2cec0b7d ("dm raid: fix KASAN warning in raid5_remove_disk")

Fix this bug by checking whether the "number" variable is
valid.

Comment 1 Jon Moroney 2025-10-22 16:54:01 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025102215-CVE-2023-53722-f3ab@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.