CVE-2023-53823

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to the handling of request queue quality of service (rq qos) APIs. Specifically, concurrent access to rq qos without proper synchronization mechanisms can lead to issues such as null-pointer dereferences and memory leaks. The issue arises from interactions between rq qos add(), rq qos exit(), del gendisk(), blkcg activate policy(), and blkg conf open bdev(). A new disk-level mutex, rq qos mutex, has been introduced to protect these APIs. The vulnerability can occur when enabling iocost/iolatency through cgroupfs, activating cgroup policies reliant on rq qos, or during disk removal. The vulnerable functions include rq qos add(), rq qos exit(), blkcg activate policy(), blkg conf open bdev(), and blkg conf exit(). The variable q->rq qos is subject to concurrent access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.