CVE-2023-53810

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s block layer related to the handling of cryptographic keyslots during I/O completion. Specifically, the blk crypto put keyslot() function is called after upper layers are notified of I/O completion via bio endio(). This timing issue can lead to a race condition where blk crypto evict key() may incorrectly observe a non-zero slot refs count, potentially resulting in a use-after-free condition within the blk crypto reprogram all keys() function. This issue is most likely to occur when per-file keys are used with fscrypt. The fix involves releasing the keyslot before bio endio() is called.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.