CVE-2023-53810Use After Free in Linux

CWE-416Use After Free6 documents5 sources
Severity
4.5MEDIUM
No vector
EPSS
0.0%
top 85.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blk_crypto_key has completed, filesystems can call blk_crypto_evict_key(). However, the block layer currently doesn't call blk_crypto_put_keyslot() until the request is being freed, which happens after upper layers have been told (via bio_endio()) the I/O has completed. This causes a race condition where blk_crypto_evict_key() can see 'slot_refs

Affected Packages4 packages

Linuxlinux/linux_kernel5.8.05.10.180+4
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linuxa892c8d52c02284076fbbacae6692aa5c5807d11874bdf43b4a7dc5463c31508f62b3e42eb237b08+6
debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

3
OSV
blk-mq: release crypto keyslot before reporting I/O complete2025-12-09
GHSA
GHSA-jxhv-6vcg-8ffm: In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using2025-12-09
OSV
CVE-2023-53810: In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a2025-12-09

📋Vendor Advisories

2
Red Hat
kernel: blk-mq: release crypto keyslot before reporting I/O complete2025-12-09
Debian
CVE-2023-53810: linux - In the Linux kernel, the following vulnerability has been resolved: blk-mq: rel...2023