CVE-2023-54317 | dm flakey: don't corrupt the zero page

In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a block device, the function __blkdev_issue_zero_pages submits a write bio with the bio vector pointing to the zero page. If we use dm-flakey with corrupt bio writes option, it will corrupt the content of the zero page which results in crashes of various userspace programs. Glibc assumes that memory returned by mmap is zeroed and it uses it for calloc implementation; if the newly mapped memory is not zeroed, calloc will return non-zeroed memory. Fix this bug by testing if the page is equal to ZERO_PAGE(0) and avoiding the corruption in this case.

Published: 2025-12-30 Last update: 2026-06-17 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2023-54317 is rated Low Risk (8.7/100): low exploitation likelihood (EPSS 0.19%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-54317

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.02%	0.19%	+0.16%
2	2025-12-31	—	0.02%	—

Full EPSS history (2 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-54317

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2023-54317

OS Trackers for CVE-2023-54317

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2023-54317 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2023-54317
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2023-54317
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2023-54317/
`ubuntu`	medium	CVE-2023-54317 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 174, released 130, not-affected 75, needed 15, needs-triage 1.	https://ubuntu.com/security/CVE-2023-54317

Affected software / configurations for CVE-2023-54317

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2023-54317

URL	Tags
https://git.kernel.org/stable/c/3c4a56ef7c538d16c1738ba0ccea9e7146105b5a
https://git.kernel.org/stable/c/63d31617883d64b43b0e2d529f0751f40713ecae
https://git.kernel.org/stable/c/98e311be44dbe31ad9c42aa067b2359bac451fda
https://git.kernel.org/stable/c/b7f8892f672222dbfcc721f51edc03963212b249
https://git.kernel.org/stable/c/be360c83f2d810493c04f999d69ec9152981e0c0
https://git.kernel.org/stable/c/f2b478228bfdd11e358c5bc197561331f5d5c394
https://git.kernel.org/stable/c/f50714b57aecb6b3dc81d578e295f86d9c73f078
https://git.kernel.org/stable/c/ff60b2bb680ebcaf8890814dd51084a022891469

cvelogic Threat Intelligence