AZL-76641

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-76641.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-76641

Upstream

CVE-2023-53620

Published

2025-10-07T16:15:44Z

Modified

2026-04-21T04:39:05.270498Z

Summary

CVE-2023-53620 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

md: fix soft lockup in status_resync

statusresync() will calculate 'currresync - recovery_active' to show user a progress bar like following:

[============>........] resync = 61.4%

'currresync' and 'recoveryactive' is updated in mddosync(), and statusresync() can read them concurrently, hence it's possible that 'currresync - recoveryactive' can overflow to a huge number. In this case statusresync() will be stuck in the loop to print a large amount of '=', which will end up soft lockup.

Fix the problem by setting 'resync' to MDRESYNCACTIVE in this case, this way resync in progress will be reported to user.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-53620

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-76641.json"