Description

In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues do_req_filebacked() calls blk_mq_complete_request() synchronously or asynchronously when using asynchronous I/O unless memory allocation fails. Hence, modify loop_handle_cmd() such that it does not dereference 'cmd' nor 'rq' after do_req_filebacked() finished unless we are sure that the request has not yet been completed. This patch fixes the following kernel crash: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000054 Call trace: css_put.42938+0x1c/0x1ac loop_process_work+0xc8c/0xfd4 loop_rootcg_workfn+0x24/0x34 process_one_work+0x244/0x558 worker_thread+0x400/0x8fc kthread+0x16c/0x1e0 ret_from_fork+0x10/0x20

INFO

Published Date :

2025-05-02T15:55:51.029Z

Last Modified :

2025-05-04T07:50:04.811Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-53111 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-53111.

URL Resource
https://git.kernel.org/stable/c/407badf73ec9fb0d5744bf2ca1745c1818aa222f cve-icon cve-icon
https://git.kernel.org/stable/c/6917395c4667cfb607ed8bf1826205a59414657c cve-icon cve-icon
https://git.kernel.org/stable/c/9b0cb770f5d7b1ff40bea7ca385438ee94570eec cve-icon cve-icon
https://git.kernel.org/stable/c/e3fda704903f6d1fc351412f1bc6620333959ada cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025050227-CVE-2023-53111-2257@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-53111 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-53111 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact