2426017 – (CVE-2023-54317) CVE-2023-54317 kernel: dm flakey: don't corrupt the zero page

Bug 2426017 (CVE-2023-54317) - CVE-2023-54317 kernel: dm flakey: don't corrupt the zero page

Summary: CVE-2023-54317 kernel: dm flakey: don't corrupt the zero page

Keywords:
Status:	NEW
Alias:	CVE-2023-54317
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-30 13:02 UTC by OSIDB Bzimport
Modified:	2026-03-02 23:06 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-30 13:02:18 UTC

In the Linux kernel, the following vulnerability has been resolved:

dm flakey: don't corrupt the zero page

When we need to zero some range on a block device, the function
__blkdev_issue_zero_pages submits a write bio with the bio vector pointing
to the zero page. If we use dm-flakey with corrupt bio writes option, it
will corrupt the content of the zero page which results in crashes of
various userspace programs. Glibc assumes that memory returned by mmap is
zeroed and it uses it for calloc implementation; if the newly mapped
memory is not zeroed, calloc will return non-zeroed memory.

Fix this bug by testing if the page is equal to ZERO_PAGE(0) and
avoiding the corruption in this case.

Comment 1 Alexander B 2025-12-31 15:24:00 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025123037-CVE-2023-54317-4750@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.