{
  "threat_severity" : "Low",
  "public_date" : "2025-12-09T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: md: fix warning for holder mismatch from export_rdev()",
    "id" : "2420251",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2420251"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-772",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmd: fix warning for holder mismatch from export_rdev()\nCommit a1d767191096 (\"md: use mddev->external to select holder in\nexport_rdev()\") fix the problem that 'claim_rdev' is used for\nblkdev_get_by_dev() while 'rdev' is used for blkdev_put().\nHowever, if mddev->external is changed from 0 to 1, then 'rdev' is used\nfor blkdev_get_by_dev() while 'claim_rdev' is used for blkdev_put(). And\nthis problem can be reporduced reliably by following:\nNew file: mdadm/tests/23rdev-lifetime\ndevname=${dev0##*/}\ndevt=`cat /sys/block/$devname/dev`\npid=\"\"\nruntime=2\nclean_up_test() {\npill -9 $pid\necho clear > /sys/block/md0/md/array_state\n}\ntrap 'clean_up_test' EXIT\nadd_by_sysfs() {\nwhile true; do\necho $devt > /sys/block/md0/md/new_dev\ndone\n}\nremove_by_sysfs(){\nwhile true; do\necho remove > /sys/block/md0/md/dev-${devname}/state\ndone\n}\necho md0 > /sys/module/md_mod/parameters/new_array || die \"create md0 failed\"\nadd_by_sysfs &\npid=\"$pid $!\"\nremove_by_sysfs &\npid=\"$pid $!\"\nsleep $runtime\nexit 0\nTest cmd:\n./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime\nTest result:\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 960 at block/bdev.c:618 blkdev_put+0x27c/0x330\nModules linked in: multipath md_mod loop\nCPU: 0 PID: 960 Comm: test Not tainted 6.5.0-rc2-00121-g01e55c376936-dirty #50\nRIP: 0010:blkdev_put+0x27c/0x330\nCall Trace:\n<TASK>\nexport_rdev.isra.23+0x50/0xa0 [md_mod]\nmddev_unlock+0x19d/0x300 [md_mod]\nrdev_attr_store+0xec/0x190 [md_mod]\nsysfs_kf_write+0x52/0x70\nkernfs_fop_write_iter+0x19a/0x2a0\nvfs_write+0x3b5/0x770\nksys_write+0x74/0x150\n__x64_sys_write+0x22/0x30\ndo_syscall_64+0x40/0x90\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nFix the problem by recording if 'rdev' is used as holder.", "A logic inconsistency was identified in the Linux kernel md (multiple device) driver involving the export_rdev() function and associated block device holder bookkeeping. Under certain sequences where mddev->external is toggled, the code would use one holder (claim_rdev) to get a block device but a different holder (rdev) to put it back, leading to a mismatch in reference accounting. This could result in spurious kernel warnings and potential resource lifetime misbehavior when interacting with md devices via sysfs" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53791\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53791\nhttps://lore.kernel.org/linux-cve-announce/2025120941-CVE-2023-53791-a2ea@gregkh/T" ],
  "name" : "CVE-2023-53791",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}