{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2023-53823", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-09T01:27:17.824Z", "datePublished": "2025-12-09T01:29:36.343Z", "dateUpdated": "2026-05-23T15:31:15.617Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-23T15:31:15.617Z" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock/rq_qos: protect rq_qos apis with a new lock\n\ncommit 50e34d78815e (\"block: disable the elevator int del_gendisk\")\nmove rq_qos_exit() from disk_release() to del_gendisk(), this will\nintroduce some problems:\n\n1) If rq_qos_add() is triggered by enabling iocost/iolatency through\n cgroupfs, then it can concurrent with del_gendisk(), it's not safe to\n write 'q->rq_qos' concurrently.\n\n2) Activate cgroup policy that is relied on rq_qos will call\n rq_qos_add() and blkcg_activate_policy(), and if rq_qos_exit() is\n called in the middle, null-ptr-dereference will be triggered in\n blkcg_activate_policy().\n\n3) blkg_conf_open_bdev() can call blkdev_get_no_open() first to find the\n disk, then if rq_qos_exit() from del_gendisk() is done before\n rq_qos_add(), then memory will be leaked.\n\nThis patch add a new disk level mutex 'rq_qos_mutex':\n\n1) The lock will protect rq_qos_exit() directly.\n\n2) For wbt that doesn't relied on blk-cgroup, rq_qos_add() can only be\n called from disk initialization for now because wbt can't be\n destructed until rq_qos_exit(), so it's safe not to protect wbt for\n now. Hoever, in case that rq_qos dynamically destruction is supported\n in the furture, this patch also protect rq_qos_add() from wbt_init()\n directly, this is enough because blk-sysfs already synchronize\n writers with disk removal.\n\n3) For iocost and iolatency, in order to synchronize disk removal and\n cgroup configuration, the lock is held after blkdev_get_no_open()\n from blkg_conf_open_bdev(), and is released in blkg_conf_exit().\n In order to fix the above memory leak, disk_live() is checked after\n holding the new lock." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "block/blk-cgroup.c", "block/blk-core.c", "block/blk-rq-qos.c", "block/blk-wbt.c", "include/linux/blkdev.h" ], "versions": [ { "version": "50e34d78815e474d410f342fbe783b18192ca518", "lessThan": "16398b4638b5cd8c1dc95fc940a1591a801d53ce", "status": "affected", "versionType": "git" }, { "version": "50e34d78815e474d410f342fbe783b18192ca518", "lessThan": "a13bd91be22318768d55470cbc0b0f4488ef9edf", "status": "affected", "versionType": "git" }, { "version": "f28699fafc047ec33299da01e928c3a0073c5cc6", "status": "affected", "versionType": "git" }, { "version": "5.18.8", "lessThan": "5.19", "status": "affected", "versionType": "semver" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "block/blk-cgroup.c", "block/blk-core.c", "block/blk-rq-qos.c", "block/blk-wbt.c", "include/linux/blkdev.h" ], "versions": [ { "version": "5.19", "status": "affected" }, { "version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver" }, { "version": "6.4.4", "lessThanOrEqual": "6.4.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.4.4" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.5" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18.8" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/16398b4638b5cd8c1dc95fc940a1591a801d53ce" }, { "url": "https://git.kernel.org/stable/c/a13bd91be22318768d55470cbc0b0f4488ef9edf" } ], "title": "block/rq_qos: protect rq_qos apis with a new lock", "x_generator": { "engine": "bippy-1.2.0" } } } }