CVE-2023-54088 — Improper Resource Locking in Linux

CWE-413 — Improper Resource Locking7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 92.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: hold queue_lock when removing blkg->q_node When blkg is removed from q->blkg_list from blkg_free_workfn(), queue_lock has to be held, otherwise, all kinds of bugs(list corruption, hard lockup, ..) can be triggered from blkg_destroy_all().

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.2.0 — 6.2.4+2

▶Debianlinux/linux_kernel< 6.4.13-1+1

▶CVEListV5linux/linux81c1188905f88b77743d1fdeeedfc8cb7b67787d — b5dae1cd0d8368b4338430ff93403df67f0b8bcc+4

▶debiandebian/linux< linux 6.4.13-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-vfv6-vxgw-2mv8: In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: hold queue_lock when removing blkg->q_node When blkg is removed from↗2025-12-24

▶

OSV

CVE-2023-54088: In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: hold queue_lock when removing blkg->q_node When blkg is removed from q↗2025-12-24

▶

OSV

blk-cgroup: hold queue_lock when removing blkg->q_node↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: blk-cgroup: hold queue_lock when removing blkg->q_node↗2025-12-24

▶

Debian

CVE-2023-54088: linux - In the Linux kernel, the following vulnerability has been resolved: blk-cgroup:...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54088 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶