AZL-71915

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71915.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-71915

Upstream

CVE-2023-53421

Published

2025-09-18T16:15:45Z

Modified

2026-04-01T05:22:06.399622Z

Summary

CVE-2023-53421 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

blk-cgroup: Reinit blkgiostatset after clearing in blkcgresetstats()

When blkgalloc() is called to allocate a blkcggq structure with the associated blkgiostatset's, there are 2 fields within blkgiostatset that requires proper initialization - blkg & sync. The former field was introduced by commit 3b8cc6298724 ("blk-cgroup: Optimize blkcgrstatflush()") while the later one was introduced by commit f73316482977 ("blk-cgroup: reimplement basic IO stats using cgroup rstat").

Unfortunately those fields in the blkgiostatset's are not properly re-initialized when they are cleared in v1's blkcgresetstats(). This can lead to a kernel panic due to NULL pointer access of the blkg pointer. The missing initialization of sync is less problematic and can be a problem in a debug kernel due to missing lockdep initialization.

Fix these problems by re-initializing them after memory clearing.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-53421

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71915.json"