CVE-2023-54324 (GCVE-0-2023-54324)
Vulnerability from cvelistv5
Published
2025-12-30 12:37
Modified
2025-12-30 12:37
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: dm: fix a race condition in retrieve_deps There's a race condition in the multipath target when retrieve_deps races with multipath_message calling dm_get_device and dm_put_device. retrieve_deps walks the list of open devices without holding any lock but multipath may add or remove devices to the list while it is running. The end result may be memory corruption or use-after-free memory access. See this description of a UAF with multipath_message(): https://listman.redhat.com/archives/dm-devel/2022-October/052373.html Fix this bug by introducing a new rw semaphore "devices_lock". We grab devices_lock for read in retrieve_deps and we grab it for write in dm_get_device and dm_put_device.
References
Impacted products
Vendor Product Version
Linux Linux Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/dm-core.h",
            "drivers/md/dm-ioctl.c",
            "drivers/md/dm-table.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dbf1a719850577bb51fc7512a3972994b797a17b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "38f6e5ae5d9ff4a4050ea6f7b543d5d5a4e087cf",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f6007dce0cd35d634d9be91ef3515a6385dcee16",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/dm-core.h",
            "drivers/md/dm-ioctl.c",
            "drivers/md/dm-table.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.56",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.56",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix a race condition in retrieve_deps\n\nThere\u0027s a race condition in the multipath target when retrieve_deps\nraces with multipath_message calling dm_get_device and dm_put_device.\nretrieve_deps walks the list of open devices without holding any lock\nbut multipath may add or remove devices to the list while it is\nrunning. The end result may be memory corruption or use-after-free\nmemory access.\n\nSee this description of a UAF with multipath_message():\nhttps://listman.redhat.com/archives/dm-devel/2022-October/052373.html\n\nFix this bug by introducing a new rw semaphore \"devices_lock\". We grab\ndevices_lock for read in retrieve_deps and we grab it for write in\ndm_get_device and dm_put_device."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:37:08.337Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dbf1a719850577bb51fc7512a3972994b797a17b"
        },
        {
          "url": "https://git.kernel.org/stable/c/38f6e5ae5d9ff4a4050ea6f7b543d5d5a4e087cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6007dce0cd35d634d9be91ef3515a6385dcee16"
        }
      ],
      "title": "dm: fix a race condition in retrieve_deps",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54324",
    "datePublished": "2025-12-30T12:37:08.337Z",
    "dateReserved": "2025-12-30T12:35:56.209Z",
    "dateUpdated": "2025-12-30T12:37:08.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54324\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:21.733\",\"lastModified\":\"2025-12-30T13:16:21.733\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndm: fix a race condition in retrieve_deps\\n\\nThere\u0027s a race condition in the multipath target when retrieve_deps\\nraces with multipath_message calling dm_get_device and dm_put_device.\\nretrieve_deps walks the list of open devices without holding any lock\\nbut multipath may add or remove devices to the list while it is\\nrunning. The end result may be memory corruption or use-after-free\\nmemory access.\\n\\nSee this description of a UAF with multipath_message():\\nhttps://listman.redhat.com/archives/dm-devel/2022-October/052373.html\\n\\nFix this bug by introducing a new rw semaphore \\\"devices_lock\\\". We grab\\ndevices_lock for read in retrieve_deps and we grab it for write in\\ndm_get_device and dm_put_device.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/38f6e5ae5d9ff4a4050ea6f7b543d5d5a4e087cf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dbf1a719850577bb51fc7512a3972994b797a17b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f6007dce0cd35d634d9be91ef3515a6385dcee16\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.