CVE-2023-52983

Description

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bic_set_bfqq() After commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'"), bic->bfqq will be accessed in bic_set_bfqq(), however, in some context bic->bfqq will be freed, and bic_set_bfqq() is called with the freed bic->bfqq. Fix the problem by always freeing bfqq after bic_set_bfqq().

Reserved 2025-03-27 | Published 2025-03-27 | Updated 2025-05-04 | Assigner Linux

Product status

Default status
unaffected

5533742c7cb1bc9b1f0bf401cc397d44a3a9e07a before 7f77f3dab5066a7c9da73d72d1eee895ff84a8d5
affected

094f3d9314d67691cb21ba091c1b528f6e3c4893 before 511c922c5bf6c8a166bea826e702336bc2424140
affected

761564d93c8265f65543acf0a576b32d66bfa26a before cb1876fc33af26d00efdd473311f1b664c77c44e
affected

64dc8c732f5c2b406cc752e6aaa1bd5471159cab before b600de2d7d3a16f9007fad1bdae82a3951a26af2
affected

b22fd72bfebda3956efc4431b60ddfc0a51e03e0
affected

Default status
unaffected

5.15.86 before 5.15.93
affected

6.1.2 before 6.1.11
affected

References

git.kernel.org/...c/7f77f3dab5066a7c9da73d72d1eee895ff84a8d5

git.kernel.org/...c/511c922c5bf6c8a166bea826e702336bc2424140

git.kernel.org/...c/cb1876fc33af26d00efdd473311f1b664c77c44e

git.kernel.org/...c/b600de2d7d3a16f9007fad1bdae82a3951a26af2

cve.org (CVE-2023-52983)

nvd.nist.gov (CVE-2023-52983)

Download JSON