CVE-2023-53292
Modified - Updated After Analysis
BaseFortify

Publication date: 2025-09-16

Last updated on: 2026-06-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none

After grabbing q->sysfs_lock, q->elevator may become NULL because of elevator switch.

Fix the NULL dereference on q->elevator by checking it with lock.

Meta Information
Published: 2025-09-16
Last Modified: 2026-06-01
Generated: 2026-06-16
AI Q&A: 2025-09-16
EPSS Evaluated: 2026-06-14

Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: to 6.4.7 (exc)

CWE ID: CWE-476
Description: The product dereferences a pointer that it expects to be valid but is NULL.

Executive Summary

This vulnerability is a NULL pointer dereference in blk_mq_elv_switch_none, part of the Linux kernel's block multi-queue (blk-mq) subsystem. By the time q->sysfs_lock has been acquired, q->elevator may have become NULL because of an elevator switch, and the pointer was not checked while holding the lock before being dereferenced. This could lead to a kernel crash or instability.

Impact Analysis

This vulnerability can cause the Linux kernel to crash or become unstable due to a NULL pointer dereference, potentially leading to denial of service or system downtime.
