Home

Description

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nr_hw_queues Although we don't need to realloc set->tags[] when shrink nr_hw_queues, we need to free them. Or these tags will be leaked. How to reproduce: 1. mount -t configfs configfs /mnt 2. modprobe null_blk nr_devices=0 submit_queues=8 3. mkdir /mnt/nullb/nullb0 4. echo 1 > /mnt/nullb/nullb0/power 5. echo 4 > /mnt/nullb/nullb0/submit_queues 6. rmdir /mnt/nullb/nullb0 In step 4, will alloc 9 tags (8 submit queues and 1 poll queue), then in step 5, new_nr_hw_queues = 5 (4 submit queues and 1 poll queue). At last in step 6, only these 5 tags are freed, the other 4 tags leaked.

PUBLISHED Reserved 2025-12-30 | Published 2025-12-30 | Updated 2026-01-05 | Assigner Linux

Product status

Default status
unaffected

a846a8e6c9a5949582c5a6a8bbc83a7d27fd891e (git) before c0ef7493e68b8896806a2f598fcffbaa97333405
affected

a846a8e6c9a5949582c5a6a8bbc83a7d27fd891e (git) before e1dd7bc93029024af5688253b0c05181d6e01f8e
affected

Default status
affected

5.16
affected

Any version before 5.16
unaffected

6.5.5 (semver)
unaffected

6.6 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/c0ef7493e68b8896806a2f598fcffbaa97333405

git.kernel.org/...c/e1dd7bc93029024af5688253b0c05181d6e01f8e

cve.org (CVE-2023-54227)

nvd.nist.gov (CVE-2023-54227)

Download JSON