CVE-2023-53151 [Medium] | Information Disclosure in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: md/raid10: prevent soft lockup while flush writes Currently, there is no limit for raid1/raid10 plugged bio. While flushing writes, raid1 has cond_resched() while raid10 doesn't, and too many writes can cause soft lockup. Follow up soft lockup can be triggered easily with writeback test for raid10 with ramdisks: watchdog: BUG: soft lockup - CPU#10 stuck for 27s! [md0_raid10:1293] Call Trace: <TASK> call_rcu+0x16/0x20 put_object+0x41/0x80 __delete_object+0x50/0x90 delete_object_full+0x2b/0x40 kmemleak_free+0x46/0xa0 slab_free_freelist_hook.constprop.0+0xed/0x1a0 kmem_cache_free+0xfd/0x300 mempool_free_slab+0x1f/0x30 mempool_free+0x3a/0x100 bio_free+0x59/0x80 bio_put+0xcf/0x2c0 free_r10bio+0xbf/0xf0 raid_end_bio_io+0x78/0xb0 one_write_done+0x8a/0xa0 raid10_end_write_request+0x1b4/0x430 bio_endio+0x175/0x320 brd_submit_bio+0x3b9/0x9b7 [brd] __submit_bio+0x69/0xe0 submit_bio_noacct_nocheck+0x1e6/0x5a0 submit_bio_noacct+0x38c/0x7e0 flush_pending_writes+0xf0/0x240 raid10d+0xac/0x1ed0 Fix the problem by adding cond_resched() to raid10 like what raid1 did. Note that unlimited plugged bio still need to be optimized, for example, in the case of lots of dirty pages writeback, this will take lots of memory and io will spend a long time in plug, hence io latency is bad.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-09-16	—	0.02%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-09-16

—

0.02%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.5	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.8	3.6	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.5

3.1

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

1.8

3.6

[email protected]

OS Trackers for CVE-2023-53151

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2023-53151 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2023-53151
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2023-53151
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2023-53151/
`ubuntu`	medium	CVE-2023-53151 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1414 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1017, ignored 162, released 142, not-affected 72, needed 20, needs-triage 1.	https://ubuntu.com/security/CVE-2023-53151

Affected software / configurations for CVE-2023-53151

Vendor	Product	Version	Raw CPE
linux	linux_kernel	< 4.14.322	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.15, < 4.19.291	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.20, < 5.4.251	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.5, < 5.10.188	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.11, < 5.15.150	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.16, < 6.1.83	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.2, < 6.4.7	cpe:2.3:o:linux:linux_kernel::::::::

References for CVE-2023-53151

URL	Tags
https://git.kernel.org/stable/c/00ecb6fa67c0f772290c5ea5ae8b46eefd503b83	Patch
https://git.kernel.org/stable/c/010444623e7f4da6b4a4dd603a7da7469981e293	Patch
https://git.kernel.org/stable/c/1d467e10507167eb6dc2c281a87675b731955d86	Patch
https://git.kernel.org/stable/c/634daf6b2c81015cc5e28bf694a6a94a50c641cd	Patch
https://git.kernel.org/stable/c/84a578961b2566e475bfa8740beaf0abcc781a6f	Patch
https://git.kernel.org/stable/c/d0345f7c7dbc5d42e4e6f1db99c1c1879d7b0eb5	Patch
https://git.kernel.org/stable/c/f45b2fa7678ab385299de345f7e85d05caea386b	Patch
https://git.kernel.org/stable/c/fbf50184190d55f8717bd29aa9530c399be96f30	Patch

URL

CVE-2023-53151 | md/raid10: prevent soft lockup while flush writes

Exploit prediction scoring system (EPSS) score for CVE-2023-53151

Common vulnerability scoring system (CVSS) metrics for CVE-2023-53151

Weakness enumeration for CVE-2023-53151

OS Trackers for CVE-2023-53151

Affected software / configurations for CVE-2023-53151

References for CVE-2023-53151