CVE-2023-53823
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

block/rq_qos: protect rq_qos apis with a new lock

commit 50e34d78815e ("block: disable the elevator int del_gendisk") moved rq_qos_exit() from disk_release() to del_gendisk(), this will introduce some problems:

1) If rq_qos_add() is triggered by enabling iocost/iolatency through cgroupfs, then it can run concurrently with del_gendisk(), it's not safe to write 'q->rq_qos' concurrently.
2) Activating a cgroup policy that relies on rq_qos will call rq_qos_add() and blkcg_activate_policy(), and if rq_qos_exit() is called in the middle, a null-ptr-dereference will be triggered in blkcg_activate_policy().
3) blkg_conf_open_bdev() can call blkdev_get_no_open() first to find the disk, then if rq_qos_exit() from del_gendisk() is done before rq_qos_add(), then memory will be leaked.

This patch adds a new disk level mutex 'rq_qos_mutex':

1) The lock will protect rq_qos_exit() directly.
2) For wbt that doesn't rely on blk-cgroup, rq_qos_add() can only be called from disk initialization for now because wbt can't be destructed until rq_qos_exit(), so it's safe not to protect wbt for now. However, in case that rq_qos dynamic destruction is supported in the future, this patch also protects rq_qos_add() from wbt_init() directly, this is enough because blk-sysfs already synchronizes writers with disk removal.
3) For iocost and iolatency, in order to synchronize disk removal and cgroup configuration, the lock is held after blkdev_get_no_open() from blkg_conf_open_bdev(), and is released in blkg_conf_exit(). In order to fix the above memory leak, disk_live() is checked after holding the new lock.
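The ordering in problem 3 and the disk_live() check described above, as a userspace C model added here (it is not kernel code and not part of the patch). The struct names mirror the kernel symbols; model_del_gendisk, model_enable_policy, leaked_after_late_add and the outstanding counter are hypothetical stand-ins, and the pre-fix case is modelled only as the missing liveness check.

```c
/* Userspace model: names mirror the kernel symbols, bodies are assumptions. */
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdlib.h>

struct rq_qos { struct rq_qos *next; };
struct disk {
    pthread_mutex_t rq_qos_mutex; /* the new disk-level lock */
    bool live;                    /* stands in for disk_live() */
    struct rq_qos *rq_qos;        /* stands in for q->rq_qos */
};
static int outstanding; /* rq_qos objects allocated and not yet freed */

/* Removal path: del_gendisk() -> rq_qos_exit(), run under the lock. */
void model_del_gendisk(struct disk *d) {
    pthread_mutex_lock(&d->rq_qos_mutex);
    d->live = false;
    for (struct rq_qos *r; (r = d->rq_qos) != NULL; outstanding--) {
        d->rq_qos = r->next;
        free(r);
    }
    pthread_mutex_unlock(&d->rq_qos_mutex);
}

/* Configuration path: rq_qos_add(); check_live=true models the fixed code. */
int model_enable_policy(struct disk *d, bool check_live) {
    int ret = -ENODEV;
    pthread_mutex_lock(&d->rq_qos_mutex);
    if (!check_live || d->live) {
        struct rq_qos *r = calloc(1, sizeof(*r));
        ret = r ? 0 : -ENOMEM;
        if (r) { r->next = d->rq_qos; d->rq_qos = r; outstanding++; }
    }
    pthread_mutex_unlock(&d->rq_qos_mutex);
    return ret;
}

/* Late add after removal: returns how many objects are left with no owner. */
int leaked_after_late_add(bool check_live) {
    struct disk d = { .rq_qos_mutex = PTHREAD_MUTEX_INITIALIZER, .live = true };
    outstanding = 0;
    model_enable_policy(&d, check_live); /* torn down by removal below */
    model_del_gendisk(&d);
    model_enable_policy(&d, check_live); /* arrives after rq_qos_exit() */
    int left = outstanding;
    free(d.rq_qos); /* demo cleanup only */
    return left;
}
```

Without the liveness check the late add succeeds and its object is never torn down; with the check the add is refused with -ENODEV and nothing is left behind.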
Meta Information
Published: 2025-12-09
Last Modified: 2025-12-09
Generated: 2026-05-07
AI Q&A: 2025-12-09
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor    Product         Version / Range
linux     linux_kernel    *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel relates to concurrency issues in the block request quality of service (rq_qos) APIs. Specifically, the lack of proper locking allows unsafe concurrent access to rq_qos structures when enabling certain cgroup policies like iocost or iolatency. This can lead to null pointer dereferences and memory leaks during disk removal and cgroup configuration changes. The fix introduces a new disk-level mutex 'rq_qos_mutex' to protect rq_qos_exit() and synchronize rq_qos_add() calls, preventing these unsafe concurrent operations.


How can this vulnerability impact me?

This vulnerability can cause system instability or crashes due to null pointer dereferences and memory leaks when managing disk devices and cgroup policies related to block I/O scheduling. It may lead to unexpected behavior or resource exhaustion in systems using affected Linux kernel versions, especially when enabling iocost or iolatency cgroup policies.


What immediate steps should I take to mitigate this vulnerability?

Apply the patch that adds the new disk-level mutex 'rq_qos_mutex' to the Linux kernel, which protects the rq_qos APIs and prevents the race conditions and memory leaks related to rq_qos_add() and rq_qos_exit(). In practice this means updating to a kernel version that includes this fix. Commit 50e34d78815e is the change the description identifies as introducing the problem, so a kernel that contains that commit is not thereby fixed.

