| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100431-CVE-2023-53604-31fe@gregkh> Date: Sat, 4 Oct 2025 17:51:58 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53604: dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path Otherwise the journal_io_cache will leak if dm_register_target() fails. The Linux kernel CVE team has assigned CVE-2023-53604 to this issue. Affected and fixed versions =========================== Fixed in 4.14.315 with commit ff4d6b5b38429a7731e5593680d2138bf74dd546 Fixed in 4.19.283 with commit ca8b634fdf07dee3f6dfde57079c4511480b525e Fixed in 5.4.243 with commit 6d126899b0747305c9d39a0bcf87e0df9c3f555b Fixed in 5.10.180 with commit 44f29e93a55b544dc961b6f8b4e93abaeaafb9ee Fixed in 5.15.111 with commit a5d8c6bf58e5b2e70fbc15f3b08dfc1ba6f269ac Fixed in 6.1.28 with commit 3877b5c1509b16eeb1f275228fd91789cd88cf17 Fixed in 6.2.15 with commit c8c9c50268729bf35f6c9bb1205f490db920454e Fixed in 6.3.2 with commit e09a592fdd6c716506774bdbebb5f6c537b47767 Fixed in 6.4 with commit 6b79a428c02769f2a11f8ae76bf866226d134887 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53604 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/md/dm-integrity.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/ff4d6b5b38429a7731e5593680d2138bf74dd546 https://git.kernel.org/stable/c/ca8b634fdf07dee3f6dfde57079c4511480b525e https://git.kernel.org/stable/c/6d126899b0747305c9d39a0bcf87e0df9c3f555b https://git.kernel.org/stable/c/44f29e93a55b544dc961b6f8b4e93abaeaafb9ee https://git.kernel.org/stable/c/a5d8c6bf58e5b2e70fbc15f3b08dfc1ba6f269ac https://git.kernel.org/stable/c/3877b5c1509b16eeb1f275228fd91789cd88cf17 https://git.kernel.org/stable/c/c8c9c50268729bf35f6c9bb1205f490db920454e https://git.kernel.org/stable/c/e09a592fdd6c716506774bdbebb5f6c537b47767 https://git.kernel.org/stable/c/6b79a428c02769f2a11f8ae76bf866226d134887
Powered by blists - more mailing lists