CVE Vulnerabilities

CVE-2023-53481

Published: Oct 01, 2025 | Modified: Oct 01, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In the Linux kernel, the following vulnerability has been resolved:

ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed

Following process will trigger an infinite loop in ubi_wl_put_peb():

ubifs_bgt		ubi_bgt

ubifs_leb_unmap ubi_leb_unmap ubi_eba_unmap_leb ubi_wl_put_peb wear_leveling_worker e1 = rb_entry(rb_first(&ubi->used) e2 = get_peb_for_wl(ubi) ubi_io_read_vid_hdr // return err (flash fault) out_error: ubi->move_from = ubi->move_to = NULL wl_entry_destroy(ubi, e1) ubi->lookuptbl[e->pnum] = NULL retry: e = ubi->lookuptbl[pnum]; // return NULL if (e == ubi->move_from) { // NULL == NULL gets true goto retry; // infinite loop !!!

$ top PID USER PR NI VIRT RES SHR S %CPU %MEM COMMAND 7676 root 20 0 0 0 0 R 100.0 0.0 ubifs_bgt0_0

Fix it by:

  1. Letting ubi_wl_put_peb() returns directly if wearl leveling entry has been removed from ubi->lookuptbl.
  2. Using ubi->wl_lock protecting wl entry deletion to preventing an use-after-free problem for wl entry in ubi_wl_put_peb().

Fetch a reproducer in [Link].

References