CVE-2023-52983

After commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'"), bic->bfqq will be accessed in bicsetbfqq(), however, in some context bic->bfqq will be freed, and bicsetbfqq() is called with the freed bic->bfqq.

Fix the problem by always freeing bfqq after bicsetbfqq().

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52983.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

5533742c7cb1bc9b1f0bf401cc397d44a3a9e07a

Fixed

7f77f3dab5066a7c9da73d72d1eee895ff84a8d5

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

094f3d9314d67691cb21ba091c1b528f6e3c4893

Fixed

511c922c5bf6c8a166bea826e702336bc2424140

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

761564d93c8265f65543acf0a576b32d66bfa26a

Fixed

cb1876fc33af26d00efdd473311f1b664c77c44e

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

64dc8c732f5c2b406cc752e6aaa1bd5471159cab

Fixed

b600de2d7d3a16f9007fad1bdae82a3951a26af2

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

b22fd72bfebda3956efc4431b60ddfc0a51e03e0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52983.json"