VYPR
Unrated severity · NVD Advisory · Published Dec 30, 2025 · Updated Apr 15, 2026

CVE-2023-54324

Description

In the Linux kernel, the following vulnerability has been resolved:

dm: fix a race condition in retrieve_deps

There's a race condition in the multipath target when retrieve_deps races with multipath_message calling dm_get_device and dm_put_device. retrieve_deps walks the list of open devices without holding any lock but multipath may add or remove devices to the list while it is running. The end result may be memory corruption or use-after-free memory access.

See this description of a UAF with multipath_message(): https://listman.redhat.com/archives/dm-devel/2022-October/052373.html

Fix this bug by introducing a new rw semaphore "devices_lock". We grab devices_lock for read in retrieve_deps and we grab it for write in dm_get_device and dm_put_device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A race condition in the Linux kernel's device mapper multipath target allows use-after-free when retrieve_deps races with dm_get_device or dm_put_device.

Vulnerability

In the Linux kernel, a race condition exists in the multipath target of the device mapper (dm) subsystem. The retrieve_deps function walks the list of open devices without holding any lock, while multipath_message calls dm_get_device and dm_put_device, which may add or remove devices from that list concurrently [description]. This lack of synchronization can lead to memory corruption or use-after-free memory access [description].

Exploitation

An attacker with the ability to trigger retrieve_deps while simultaneous device addition/removal operations occur can exploit this race condition. The attack surface is local, requiring access to the device mapper ioctl interface or multipath tools. No special privileges beyond those needed to manipulate dm devices are required, making it exploitable by unprivileged users in some configurations [description].

Impact

Successful exploitation results in use-after-free memory access, potentially leading to memory corruption or arbitrary code execution with kernel privileges [description]. This could allow an attacker to crash the system or escalate privileges.

Mitigation

The fix introduces a new rw semaphore named devices_lock, which is taken for read in retrieve_deps and for write in dm_get_device and dm_put_device [description]. The patch has been accepted into the stable kernel tree; users should apply the relevant commits [1][2][3] to their kernels.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

3

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3
