{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-08T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: dm cache: free background tracker's queued work in btracker_destroy",
    "id" : "2419938",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2419938"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-772",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndm cache: free background tracker's queued work in btracker_destroy\nOtherwise the kernel can BUG with:\n[ 2245.426978] =============================================================================\n[ 2245.435155] BUG bt_work (Tainted: G    B   W         ): Objects remaining in bt_work on __kmem_cache_shutdown()\n[ 2245.445233] -----------------------------------------------------------------------------\n[ 2245.445233]\n[ 2245.454879] Slab 0x00000000b0ce2b30 objects=64 used=2 fp=0x000000000a3c6a4e flags=0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)\n[ 2245.467300] CPU: 7 PID: 10805 Comm: lvm Kdump: loaded Tainted: G    B   W          6.0.0-rc2 #19\n[ 2245.476078] Hardware name: Dell Inc. PowerEdge R7525/0590KW, BIOS 2.5.6 10/06/2021\n[ 2245.483646] Call Trace:\n[ 2245.486100]  <TASK>\n[ 2245.488206]  dump_stack_lvl+0x34/0x48\n[ 2245.491878]  slab_err+0x95/0xcd\n[ 2245.495028]  __kmem_cache_shutdown.cold+0x31/0x136\n[ 2245.499821]  kmem_cache_destroy+0x49/0x130\n[ 2245.503928]  btracker_destroy+0x12/0x20 [dm_cache]\n[ 2245.508728]  smq_destroy+0x15/0x60 [dm_cache_smq]\n[ 2245.513435]  dm_cache_policy_destroy+0x12/0x20 [dm_cache]\n[ 2245.518834]  destroy+0xc0/0x110 [dm_cache]\n[ 2245.522933]  dm_table_destroy+0x5c/0x120 [dm_mod]\n[ 2245.527649]  __dm_destroy+0x10e/0x1c0 [dm_mod]\n[ 2245.532102]  dev_remove+0x117/0x190 [dm_mod]\n[ 2245.536384]  ctl_ioctl+0x1a2/0x290 [dm_mod]\n[ 2245.540579]  dm_ctl_ioctl+0xa/0x20 [dm_mod]\n[ 2245.544773]  __x64_sys_ioctl+0x8a/0xc0\n[ 2245.548524]  do_syscall_64+0x5c/0x90\n[ 2245.552104]  ? syscall_exit_to_user_mode+0x12/0x30\n[ 2245.556897]  ? do_syscall_64+0x69/0x90\n[ 2245.560648]  ? do_syscall_64+0x69/0x90\n[ 2245.564394]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 2245.569447] RIP: 0033:0x7fe52583ec6b\n...\n[ 2245.646771] ------------[ cut here ]------------\n[ 2245.651395] kmem_cache_destroy bt_work: Slab cache still has objects when called from btracker_destroy+0x12/0x20 [dm_cache]\n[ 2245.651408] WARNING: CPU: 7 PID: 10805 at mm/slab_common.c:478 kmem_cache_destroy+0x128/0x130\nFound using: lvm2-testsuite --only \"cache-single-split.sh\"\nBen bisected and found that commit 0495e337b703 (\"mm/slab_common:\nDeleting kobject in kmem_cache_destroy() without holding\nslab_mutex/cpu_hotplug_lock\") first exposed dm-cache's incomplete\ncleanup of its background tracker work objects.", "A memory leak was found in the device-mapper cache target in the Linux kernel. The btracker_destroy() function fails to free queued work items from the background tracker before destroying the slab cache. This triggers a BUG when kmem_cache_shutdown() finds objects still remaining." ],
  "statement" : "The vulnerability manifests during dm-cache device teardown, causing a kernel BUG rather than silent memory corruption. Systems using LVM caching or dm-cache directly are potentially affected during cache device removal.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.5.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53765\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53765\nhttps://lore.kernel.org/linux-cve-announce/2025120845-CVE-2023-53765-0317@gregkh/T" ],
  "name" : "CVE-2023-53765",
  "csaw" : false
}