CVE-2023-53620
MEDIUM EPSS 3.7%
Published Oct 7, 2025 (8mo ago) · Modified Jun 17, 2026 (1w ago)
5.5 CVSS 3.1
Description
In the Linux kernel, the following vulnerability has been resolved:

md: fix soft lockup in status_resync

status_resync() will calculate 'curr_resync - recovery_active' to show the user a progress bar like the following:

    [============>........] resync = 61.4%

'curr_resync' and 'recovery_active' are updated in md_do_sync(), and status_resync() can read them concurrently, hence it's possible that 'curr_resync - recovery_active' can overflow to a huge number. In this case status_resync() will be stuck in the loop to print a large amount of '=', which will end up in a soft lockup.

Fix the problem by setting 'resync' to MD_RESYNC_ACTIVE in this case; this way, resync in progress will be reported to the user.
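A user-space C model of the arithmetic in the description, added here as an illustration and not taken from the kernel patch. The `sector_t` typedef, the value given to `MD_RESYNC_ACTIVE`, the `bar_cells()` helper and the sample sector counts are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t sector_t;        /* assumption: unsigned 64-bit sector count */
#define MD_RESYNC_ACTIVE 3ULL     /* assumption: stand-in value for this model */
#define BAR_CELLS 20ULL           /* width of the bar quoted in the description */

/* Pre-fix arithmetic: wraps when recovery_active is read as the larger value. */
static sector_t resync_unguarded(sector_t curr_resync, sector_t recovery_active)
{
    return curr_resync - recovery_active;
}

/* Arithmetic with the guard the description names: if the subtraction would
 * wrap, report MD_RESYNC_ACTIVE instead of a huge position. */
static sector_t resync_guarded(sector_t curr_resync, sector_t recovery_active)
{
    if (curr_resync < recovery_active)
        return MD_RESYNC_ACTIVE;
    return curr_resync - recovery_active;
}

/* Hypothetical helper: how many '=' a loop bounded by this value would print. */
static uint64_t bar_cells(sector_t resync, sector_t max_sectors)
{
    return resync / (max_sectors / BAR_CELLS);
}

int main(void)
{
    const sector_t max_sectors = 2000000;   /* constructed array size */
    /* Constructed racy sample: the two reads are 8 sectors out of step. */
    sector_t bad = resync_unguarded(1000, 1008);
    sector_t ok  = resync_guarded(1000, 1008);

    printf("unguarded: resync=%llu cells=%llu\n",
           (unsigned long long)bad, (unsigned long long)bar_cells(bad, max_sectors));
    printf("guarded:   resync=%llu cells=%llu\n",
           (unsigned long long)ok, (unsigned long long)bar_cells(ok, max_sectors));
    printf("61.4%% case: cells=%llu\n",
           (unsigned long long)bar_cells(resync_guarded(1228000, 0), max_sectors));
    return 0;
}
```

A skew of only 8 sectors between the two reads turns a 20-cell bar into a loop bound in the hundreds of trillions, which is the soft lockup the description reports.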
CVSS Details
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
3.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-667
Affected Products 7
References 3
- git.kernel.org https://git.kernel.org/stable/c/23309704e90859af2662bedc44101e6d1d2ece7e
- git.kernel.org https://git.kernel.org/stable/c/6efddf1e32e2a264694766ca485a4f5e04ee82a7
- git.kernel.org https://git.kernel.org/stable/c/b4acb6c3ede88d6b7d33742a09e63cfce5e7fb69
Remediation
- git.kernel.org https://git.kernel.org/stable/c/23309704e90859af2662bedc44101e6d1d2ece7e
- git.kernel.org https://git.kernel.org/stable/c/6efddf1e32e2a264694766ca485a4f5e04ee82a7
- git.kernel.org https://git.kernel.org/stable/c/b4acb6c3ede88d6b7d33742a09e63cfce5e7fb69