PT-2025-40718 · Linux+3 · Linux Kernel+3

Published

2023-04-18

Updated

2025-11-19

CVE-2023-53576

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-rc5lblk+ #5

Description The Linux kernel contained a flaw in the null block (null blk) driver related to the handling of queue mode settings through configfs. Specifically, the code did not adequately validate the queue mode setting when read from configfs, potentially leading to an out-of-bounds (OOPs) error when the queue mode was set to 1. This could occur when using the configfs interface to configure a null block device. The issue was triggered by a specific sequence of commands involving modprobe, mkdir, echo commands to set parameters like memory backing, blocksize, size, queue mode, and power settings.

Recommendations Update to a newer kernel version that includes the fix for this vulnerability.

Exploit

Fix

RCE

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1288CWE-20CWE-476

Related Identifiers

ALSA-2025_16880

BDU:2026-01505

CESA-2024_3138

CVE-2023-53576

RHSA-2023:6583

RHSA-2023_6583

RHSA-2024:3138

RHSA-2024_3138

SUSE-SU-2025:4111-1

SUSE-SU-2025:4139-1

Affected Products

Centos

Linux Kernel

Red Hat

Suse

PT-2025-40718 · Linux+3 · Linux Kernel+3

CVE-2023-53576

Weakness Enumeration

Related Identifiers

Affected Products

References · 395