{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-54317", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-30T12:06:44.531Z", "datePublished": "2025-12-30T12:23:47.232Z", "dateUpdated": "2025-12-30T12:23:47.232Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-30T12:23:47.232Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm flakey: don't corrupt the zero page\n\nWhen we need to zero some range on a block device, the function\n__blkdev_issue_zero_pages submits a write bio with the bio vector pointing\nto the zero page. If we use dm-flakey with corrupt bio writes option, it\nwill corrupt the content of the zero page which results in crashes of\nvarious userspace programs. Glibc assumes that memory returned by mmap is\nzeroed and it uses it for calloc implementation; if the newly mapped\nmemory is not zeroed, calloc will return non-zeroed memory.\n\nFix this bug by testing if the page is equal to ZERO_PAGE(0) and\navoiding the corruption in this case."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/dm-flakey.c"], "versions": [{"version": "c6cd92fcabd6cc78bb1808c6a18245c842722fc1", "lessThan": "b7f8892f672222dbfcc721f51edc03963212b249", "status": "affected", "versionType": "git"}, {"version": "d4c637af2e56ee1ec66ee34d0ac5a13c75911aec", "lessThan": "98e311be44dbe31ad9c42aa067b2359bac451fda", "status": "affected", "versionType": "git"}, {"version": "a00f5276e26636cbf72f24f79831026d2e2868e7", "lessThan": "3c4a56ef7c538d16c1738ba0ccea9e7146105b5a", "status": "affected", "versionType": "git"}, {"version": "a00f5276e26636cbf72f24f79831026d2e2868e7", "lessThan": "f2b478228bfdd11e358c5bc197561331f5d5c394", "status": "affected", "versionType": "git"}, {"version": "a00f5276e26636cbf72f24f79831026d2e2868e7", "lessThan": "ff60b2bb680ebcaf8890814dd51084a022891469", "status": "affected", "versionType": "git"}, {"version": "a00f5276e26636cbf72f24f79831026d2e2868e7", "lessThan": "be360c83f2d810493c04f999d69ec9152981e0c0", "status": "affected", "versionType": "git"}, {"version": "a00f5276e26636cbf72f24f79831026d2e2868e7", "lessThan": "63d31617883d64b43b0e2d529f0751f40713ecae", "status": "affected", "versionType": "git"}, {"version": "a00f5276e26636cbf72f24f79831026d2e2868e7", "lessThan": "f50714b57aecb6b3dc81d578e295f86d9c73f078", "status": "affected", "versionType": "git"}, {"version": "1ed7c9f45fb893877ffa7cedd7aa61beaadbb328", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/dm-flakey.c"], "versions": [{"version": "5.0", "status": "affected"}, {"version": "0", "lessThan": "5.0", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.308", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.276", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.235", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.173", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.99", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.16", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.3", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.158", "versionEndExcluding": "4.14.308"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.88", "versionEndExcluding": "4.19.276"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.4.235"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.10.173"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.15.99"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.1.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.2.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9.206"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b7f8892f672222dbfcc721f51edc03963212b249"}, {"url": "https://git.kernel.org/stable/c/98e311be44dbe31ad9c42aa067b2359bac451fda"}, {"url": "https://git.kernel.org/stable/c/3c4a56ef7c538d16c1738ba0ccea9e7146105b5a"}, {"url": "https://git.kernel.org/stable/c/f2b478228bfdd11e358c5bc197561331f5d5c394"}, {"url": "https://git.kernel.org/stable/c/ff60b2bb680ebcaf8890814dd51084a022891469"}, {"url": "https://git.kernel.org/stable/c/be360c83f2d810493c04f999d69ec9152981e0c0"}, {"url": "https://git.kernel.org/stable/c/63d31617883d64b43b0e2d529f0751f40713ecae"}, {"url": "https://git.kernel.org/stable/c/f50714b57aecb6b3dc81d578e295f86d9c73f078"}], "title": "dm flakey: don't corrupt the zero page", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm flakey: don't corrupt the zero page\n\nWhen we need to zero some range on a block device, the function\n__blkdev_issue_zero_pages submits a write bio with the bio vector pointing\nto the zero page. If we use dm-flakey with corrupt bio writes option, it\nwill corrupt the content of the zero page which results in crashes of\nvarious userspace programs. Glibc assumes that memory returned by mmap is\nzeroed and it uses it for calloc implementation; if the newly mapped\nmemory is not zeroed, calloc will return non-zeroed memory.\n\nFix this bug by testing if the page is equal to ZERO_PAGE(0) and\navoiding the corruption in this case."}], "id": "CVE-2023-54317", "lastModified": "2025-12-31T20:42:43.210", "metrics": {}, "published": "2025-12-30T13:16:20.973", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3c4a56ef7c538d16c1738ba0ccea9e7146105b5a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/63d31617883d64b43b0e2d529f0751f40713ecae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/98e311be44dbe31ad9c42aa067b2359bac451fda"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b7f8892f672222dbfcc721f51edc03963212b249"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/be360c83f2d810493c04f999d69ec9152981e0c0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f2b478228bfdd11e358c5bc197561331f5d5c394"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f50714b57aecb6b3dc81d578e295f86d9c73f078"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ff60b2bb680ebcaf8890814dd51084a022891469"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: dm flakey: don't corrupt the zero page", "id": "2426017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426017"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndm flakey: don't corrupt the zero page\nWhen we need to zero some range on a block device, the function\n__blkdev_issue_zero_pages submits a write bio with the bio vector pointing\nto the zero page. If we use dm-flakey with corrupt bio writes option, it\nwill corrupt the content of the zero page which results in crashes of\nvarious userspace programs. Glibc assumes that memory returned by mmap is\nzeroed and it uses it for calloc implementation; if the newly mapped\nmemory is not zeroed, calloc will return non-zeroed memory.\nFix this bug by testing if the page is equal to ZERO_PAGE(0) and\navoiding the corruption in this case."], "name": "CVE-2023-54317", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-54317\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54317\nhttps://lore.kernel.org/linux-cve-announce/2025123037-CVE-2023-54317-4750@gregkh/T"], "threat_severity": "Moderate"}