{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-54324", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-30T12:35:56.209Z", "datePublished": "2025-12-30T12:37:08.337Z", "dateUpdated": "2025-12-30T12:37:08.337Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-30T12:37:08.337Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix a race condition in retrieve_deps\n\nThere's a race condition in the multipath target when retrieve_deps\nraces with multipath_message calling dm_get_device and dm_put_device.\nretrieve_deps walks the list of open devices without holding any lock\nbut multipath may add or remove devices to the list while it is\nrunning. The end result may be memory corruption or use-after-free\nmemory access.\n\nSee this description of a UAF with multipath_message():\nhttps://listman.redhat.com/archives/dm-devel/2022-October/052373.html\n\nFix this bug by introducing a new rw semaphore \"devices_lock\". We grab\ndevices_lock for read in retrieve_deps and we grab it for write in\ndm_get_device and dm_put_device."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/dm-core.h", "drivers/md/dm-ioctl.c", "drivers/md/dm-table.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "dbf1a719850577bb51fc7512a3972994b797a17b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "38f6e5ae5d9ff4a4050ea6f7b543d5d5a4e087cf", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "f6007dce0cd35d634d9be91ef3515a6385dcee16", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/dm-core.h", "drivers/md/dm-ioctl.c", "drivers/md/dm-table.c"], "versions": [{"version": "6.1.56", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.5", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.56"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.5.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/dbf1a719850577bb51fc7512a3972994b797a17b"}, {"url": "https://git.kernel.org/stable/c/38f6e5ae5d9ff4a4050ea6f7b543d5d5a4e087cf"}, {"url": "https://git.kernel.org/stable/c/f6007dce0cd35d634d9be91ef3515a6385dcee16"}], "title": "dm: fix a race condition in retrieve_deps", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix a race condition in retrieve_deps\n\nThere's a race condition in the multipath target when retrieve_deps\nraces with multipath_message calling dm_get_device and dm_put_device.\nretrieve_deps walks the list of open devices without holding any lock\nbut multipath may add or remove devices to the list while it is\nrunning. The end result may be memory corruption or use-after-free\nmemory access.\n\nSee this description of a UAF with multipath_message():\nhttps://listman.redhat.com/archives/dm-devel/2022-October/052373.html\n\nFix this bug by introducing a new rw semaphore \"devices_lock\". We grab\ndevices_lock for read in retrieve_deps and we grab it for write in\ndm_get_device and dm_put_device."}], "id": "CVE-2023-54324", "lastModified": "2025-12-30T13:16:21.733", "metrics": {}, "published": "2025-12-30T13:16:21.733", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/38f6e5ae5d9ff4a4050ea6f7b543d5d5a4e087cf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dbf1a719850577bb51fc7512a3972994b797a17b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f6007dce0cd35d634d9be91ef3515a6385dcee16"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}