CVE-2023-53860

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.0-rc1-g39956d2dcd81 #132

Description The Linux kernel contained a flaw in the device mapper (dm) subsystem where it incorrectly attempted to queue I/O operations while under Read-Copy Update (RCU) protection. This occurred because the system assumed that requests marked with REQ NOWAIT were safe to submit under RCU read lock protection, which is not the case. REQ NOWAIT only indicates that the operation should not sleep while waiting for I/O, but does not guarantee that it won't potentially schedule tasks. A test case was provided demonstrating this issue, resulting in a kernel bug related to sleeping functions being called from an invalid context. The issue can lead to system instability. The vulnerable code involves the dm submit bio function and related bio allocation and submission routines.

Recommendations Update to a version of the Linux kernel newer than 6.6.0-rc1-g39956d2dcd81 #132.