PT-2025-49643 · Linux · Linux Kernel

Published 2025-12-09 · Updated 2026-02-24 · CVE-2023-53783

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in the block I/O cost model (the calc_lcoefs() function) that can lead to a divide-by-zero error. This occurs when a maximum value is echoed to the cost.model parameter: an overflow can occur if the sum of bytes per second (bps) and IOC_PAGE_SIZE exceeds the maximum value of an unsigned 64-bit integer (ULLONG_MAX). The issue is triggered when using the echo command to set the cost.model value, for example: echo 8:0 rbps=18446744073709551615 > /sys/fs/cgroup/io.cost.model. The calc_lcoefs() function uses the input value in DIV_ROUND_UP_ULL, which results in the error.

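The arithmetic behind the description, as an added user-space example (not kernel code and not the kernel's fix): a round-up division of the form (n + d - 1) / d wraps to 0 for the rbps value shown above, and a divide-first variant does not. The function names, the 4096 value standing in for IOC_PAGE_SIZE, and the vtime sample are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 4096 stands in for IOC_PAGE_SIZE; the page does not give its value. */
#define PAGE_SZ 4096ULL

/* Round-up division written as (n + d - 1) / d in 64-bit arithmetic. */
static uint64_t div_round_up_u64(uint64_t n, uint64_t d)
{
    return (n + d - 1) / d;   /* n + d - 1 wraps modulo 2^64 when n is near UINT64_MAX */
}

/* Round-up division that cannot wrap: divide first, then add 1 if a remainder exists. */
static uint64_t div_round_up_u64_safe(uint64_t n, uint64_t d)
{
    return n / d + (n % d != 0);
}

/*
 * Hypothetical model of the per-page cost step: cost = ceil(vtime_per_sec / pages).
 * Returns 0 on success and -1 when the divisor would be zero, so it never divides by 0.
 */
static int page_cost(uint64_t bps, uint64_t vtime_per_sec, int safe, uint64_t *cost)
{
    uint64_t pages = safe ? div_round_up_u64_safe(bps, PAGE_SZ)
                          : div_round_up_u64(bps, PAGE_SZ);
    if (pages == 0)
        return -1;            /* the wrapped case: reject instead of dividing */
    *cost = div_round_up_u64_safe(vtime_per_sec, pages);
    return 0;
}

int main(void)
{
    uint64_t bps = UINT64_MAX;    /* the rbps value from the page's example */
    uint64_t vtime = 1ULL << 37;  /* constructed sample value */
    uint64_t cost = 0;

    printf("wrapping pages: %llu\n",
           (unsigned long long)div_round_up_u64(bps, PAGE_SZ));
    printf("safe pages:     %llu\n",
           (unsigned long long)div_round_up_u64_safe(bps, PAGE_SZ));
    printf("wrapping rc=%d\n", page_cost(bps, vtime, 0, &cost));
    printf("safe rc=%d\n", page_cost(bps, vtime, 1, &cost));
    return 0;
}
```
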
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

CVE-2023-53783
SUSE-SU-2026:0263-1
SUSE-SU-2026:0317-1
SUSE-SU-2026:0411-1
SUSE-SU-2026:0617-1

Affected Products

Linux Kernel