CVE-2023-54271

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contained a flaw in the block cgroup (blk-cgroup) subsystem. Specifically, a NULL pointer dereference could occur due to blkg policy data being installed before initialization. This issue stemmed from a race condition where blkcg activate policy() allocated and installed policy data structures before they were fully initialized, potentially leading to a crash when accessed by other functions like ioc weight write(). The root cause was the order in which policy data was allocated, initialized, and online, creating a window for the race condition. A patch was applied to address this by initializing and onlining policy data for each block group individually while holding the blkcg->lock, ensuring that a block group is always fully initialized and online.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.