CVE-2023-53786

Vulnerability

Description

CVE-2023-53786 is a NULL pointer dereference vulnerability in the Linux kernel's device-mapper (dm) flakey target. The bug occurs when parsing a malformed table line that specifies the corrupt_bio_byte parameter without a valid arg_name argument. Specifically, issuing a dmsetup create command with a table line such as "0 flakey 0 0 1 2 corrupt_bio_byte 512" causes the kernel to attempt to compare a NULL pointer (arg_name) against expected strings, leading to a crash [1][2][3][4].

Exploitation

The vulnerability is exploitable only by a privileged user with access to the dmsetup utility. An attacker must have the ability to create device-mapper targets, typically requiring root or CAP_SYS_ADMIN capabilities. The attack vector is local – no network access is needed. The crafted table line must include the exact invalid corrupt_bio_byte parameter with an additional numeric argument (e.g., 512) before the required block offset, causing arg_name to remain NULL instead of being set to a valid string [1][4].

Impact

A successful exploit results in a NULL pointer dereference, leading to a kernel panic or system crash (denial of service). This can cause the system to become unavailable or require a reboot. No evidence of privilege escalation or remote code execution is present in the available references; the impact is limited to denial of service [1][2][3].

Mitigation

The fix, which was applied to the Linux kernel stable tree, adds a simple NULL check for arg_name before calling strcmp [1][2][3][4]. The corrected code returns an error (-EINVAL) when an unrecognized or missing argument is encountered, preventing the crash. Users should apply the patch from their distribution's updated kernel package. The vulnerability is not known to be listed in CISA's Known Exploited Vulnerabilities (KEV) catalog at the time of publication.