{
  "threat_severity" : "Low",
  "public_date" : "2025-09-15T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: md/raid10 soft lockup due to unlimited plugged bio",
    "id" : "2395410",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2395410"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-770",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmd/raid10: prevent soft lockup while flush writes\nCurrently, there is no limit for raid1/raid10 plugged bio. While flushing\nwrites, raid1 has cond_resched() while raid10 doesn't, and too many\nwrites can cause soft lockup.\nThe following soft lockup can be triggered easily with a writeback test for\nraid10 with ramdisks:\nwatchdog: BUG: soft lockup - CPU#10 stuck for 27s! [md0_raid10:1293]\nCall Trace:\n<TASK>\ncall_rcu+0x16/0x20\nput_object+0x41/0x80\n__delete_object+0x50/0x90\ndelete_object_full+0x2b/0x40\nkmemleak_free+0x46/0xa0\nslab_free_freelist_hook.constprop.0+0xed/0x1a0\nkmem_cache_free+0xfd/0x300\nmempool_free_slab+0x1f/0x30\nmempool_free+0x3a/0x100\nbio_free+0x59/0x80\nbio_put+0xcf/0x2c0\nfree_r10bio+0xbf/0xf0\nraid_end_bio_io+0x78/0xb0\none_write_done+0x8a/0xa0\nraid10_end_write_request+0x1b4/0x430\nbio_endio+0x175/0x320\nbrd_submit_bio+0x3b9/0x9b7 [brd]\n__submit_bio+0x69/0xe0\nsubmit_bio_noacct_nocheck+0x1e6/0x5a0\nsubmit_bio_noacct+0x38c/0x7e0\nflush_pending_writes+0xf0/0x240\nraid10d+0xac/0x1ed0\nFix the problem by adding cond_resched() to raid10 like what raid1 did.\nNote that unlimited plugged bio still needs to be optimized, for example,\nin the case of lots of dirty pages writeback, this will take lots of\nmemory and io will spend a long time in plug, hence io latency is bad.", "A flaw was found in the Linux kernel's Multiple Device (MD) driver, specifically within the RAID10 implementation. This vulnerability allows a local user to trigger a soft lockup, leading to a Denial of Service (DoS). The issue arises because the md/raid10 component lacks a limit on plugged bio (block input/output) requests during write flushing, causing the CPU to become unresponsive under heavy write operations." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3138",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53151\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53151\nhttps://lore.kernel.org/linux-cve-announce/2025091552-CVE-2023-53151-263e@gregkh/T" ],
  "name" : "CVE-2023-53151",
  "csaw" : false
}