#VU119732 NULL pointer dereference in Linux kernel - CVE-2023-53786
Published: December 10, 2025 / Updated: December 12, 2025
Vulnerability identifier: #VU119732
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-53786
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the parse_features() function in drivers/md/dm-flakey.c. A local user can trigger it to cause a denial of service (DoS) condition.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/12849ed107c0b2869fb775c81208050899006f07
- https://git.kernel.org/stable/c/337b7af273562b73c46ef77a724604ad139ca762
- https://git.kernel.org/stable/c/8258d84a7917aeece773716518deadb7ad776cb7
- https://git.kernel.org/stable/c/83b4e3d878ea6be9aec1d5a1ab177c766c64d1a0
- https://git.kernel.org/stable/c/98dba02d9a93eec11bffbb93c7c51624290702d2
- https://git.kernel.org/stable/c/a1e3fffe02e05c05357af91364ac0fc1ed425b5b
- https://git.kernel.org/stable/c/cb874a190f3f7c3c3fa5b979bee7a3b8cc3a19cc
- https://git.kernel.org/stable/c/f76fcb9d43ec014ac4a1bb983768696d5b032df9
- https://git.kernel.org/stable/c/f95cb1526669ccdf7eb12eefd57a893953e3595f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.315