SB20251210103 - NULL pointer dereference in Linux kernel md driver
Published: December 10, 2025 Updated: December 12, 2025
Security Bulletin ID
SB20251210103
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2023-53786)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the parse_features() function in drivers/md/dm-flakey.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/12849ed107c0b2869fb775c81208050899006f07
- https://git.kernel.org/stable/c/337b7af273562b73c46ef77a724604ad139ca762
- https://git.kernel.org/stable/c/8258d84a7917aeece773716518deadb7ad776cb7
- https://git.kernel.org/stable/c/83b4e3d878ea6be9aec1d5a1ab177c766c64d1a0
- https://git.kernel.org/stable/c/98dba02d9a93eec11bffbb93c7c51624290702d2
- https://git.kernel.org/stable/c/a1e3fffe02e05c05357af91364ac0fc1ed425b5b
- https://git.kernel.org/stable/c/cb874a190f3f7c3c3fa5b979bee7a3b8cc3a19cc
- https://git.kernel.org/stable/c/f76fcb9d43ec014ac4a1bb983768696d5b032df9
- https://git.kernel.org/stable/c/f95cb1526669ccdf7eb12eefd57a893953e3595f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.315