Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: md: fix soft lockup in status_resync status_resync() will calculate 'curr_resync - recovery_active' to show user a progress bar like following: [============>........] resync = 61.4% 'curr_resync' and 'recovery_active' is updated in md_do_sync(), and status_resync() can read them concurrently, hence it's possible that 'curr_resync - recovery_active' can overflow to a huge number. In this case status_resync() will be stuck in the loop to print a large amount of '=', which will end up soft lockup. Fix the problem by setting 'resync' to MD_RESYNC_ACTIVE in this case, this way resync in progress will be reported to user.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.12.1, < 6.1.30 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/23309704e90859af2662bedc44101e6d1d2ece7ePatch
- https://git.kernel.org/stable/c/6efddf1e32e2a264694766ca485a4f5e04ee82a7Patch
- https://git.kernel.org/stable/c/b4acb6c3ede88d6b7d33742a09e63cfce5e7fb69Patch
FAQ
What is CVE-2023-53620?
CVE-2023-53620 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: md: fix soft lockup in status_resync status_resync() will calculate 'curr_resync - recovery_active' to show user a progress bar li...
How severe is CVE-2023-53620?
CVE-2023-53620 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-53620?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.