CVE-2023-53722
md: raid1: fix potential OOB in raid1_remove_disk()
Description
In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1_remove_disk() If rddev->raid_disk is greater than mddev->raid_disks, there will be an out-of-bounds in raid1_remove_disk(). We have already found similar reports as follows: 1) commit d17f744e883b ("md-raid10: fix KASAN warning") 2) commit 1ebc2cec0b7d ("dm raid: fix KASAN warning in raid5_remove_disk") Fix this bug by checking whether the "number" variable is valid.
INFO
Published Date :
Oct. 22, 2025, 2:15 p.m.
Last Modified :
Oct. 22, 2025, 9:12 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Update the Linux kernel to the latest version.
- Apply the specific patch for raid1_remove_disk.
- Verify the patch resolves the out-of-bounds issue.
- Reboot the system after applying updates.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-53722.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-53722 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-53722
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-53722 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2023-53722 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Oct. 22, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1_remove_disk() If rddev->raid_disk is greater than mddev->raid_disks, there will be an out-of-bounds in raid1_remove_disk(). We have already found similar reports as follows: 1) commit d17f744e883b ("md-raid10: fix KASAN warning") 2) commit 1ebc2cec0b7d ("dm raid: fix KASAN warning in raid5_remove_disk") Fix this bug by checking whether the "number" variable is valid. Added Reference https://git.kernel.org/stable/c/25a68f2286be56fb3a6f9fa0e269c04b5e6c6e24 Added Reference https://git.kernel.org/stable/c/4bdb92eaf645e312975357adc3c4e9523b6e67f1 Added Reference https://git.kernel.org/stable/c/4f7d853b4590fc20e90dd50e346c02811a8c5b08 Added Reference https://git.kernel.org/stable/c/4f96c0665f9f4cf70130c9757750dc43dc679c82 Added Reference https://git.kernel.org/stable/c/7993cfc041481a3a9cd4a3858088fc846b8ccaf7 Added Reference https://git.kernel.org/stable/c/8b0472b50bcf0f19a5119b00a53b63579c8e1e4d Added Reference https://git.kernel.org/stable/c/91fbd4e75cb573f44d2619a9dc2f9ba927040760 Added Reference https://git.kernel.org/stable/c/beedf40f73939f248c81802eda08a2a8148ea13e