CVE-2023-53366

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-53366
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53366.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53366
Downstream
Published
2025-09-17T14:56:54.604Z
Modified
2026-02-20T01:35:55.014608Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
block: be a bit more careful in checking for NULL bdev while polling
Details

In the Linux kernel, the following vulnerability has been resolved:

block: be a bit more careful in checking for NULL bdev while polling

Wei reports a crash with an application using polled IO:

PGD 14265e067 P4D 14265e067 PUD 47ec50067 PMD 0 Oops: 0000 [#1] SMP CPU: 0 PID: 21915 Comm: iocore0 Kdump: loaded Tainted: G S 5.12.0-0fbk12clang7346g1bb6f2e7058f #1 Hardware name: Wiwynn Delta Lake MP T8/Delta Lake-Class2, BIOS Y3DLM08 04/10/2022 RIP: 0010:biopoll+0x25/0x200 Code: 0f 1f 44 00 00 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 28 65 48 8b 04 25 28 00 00 00 48 89 44 24 20 48 8b 47 08 <48> 8b 80 70 02 00 00 4c 8b 70 50 8b 6f 34 31 db 83 fd ff 75 25 65 RSP: 0018:ffffc90005fafdf8 EFLAGS: 00010292 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 74b43cd65dd66600 RDX: 0000000000000003 RSI: ffffc90005fafe78 RDI: ffff8884b614e140 RBP: ffff88849964df78 R08: 0000000000000000 R09: 0000000000000008 R10: 0000000000000000 R11: 0000000000000000 R12: ffff88849964df00 R13: ffffc90005fafe78 R14: ffff888137d3c378 R15: 0000000000000001 FS: 00007fd195000640(0000) GS:ffff88903f400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000270 CR3: 0000000466121001 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: iocbbioiopoll+0x1d/0x30 iodoiopoll+0xac/0x250 _sesysiouringenter+0x3c5/0x5a0 ? _x64syswrite+0x89/0xd0 dosyscall64+0x2d/0x40 entrySYSCALL64afterhwframe+0x44/0xae RIP: 0033:0x94f225d Code: 24 cc 00 00 00 41 8b 84 24 d0 00 00 00 c1 e0 04 83 e0 10 41 09 c2 8b 33 8b 53 04 4c 8b 43 18 4c 63 4b 0c b8 aa 01 00 00 0f 05 <85> c0 0f 88 85 00 00 00 29 03 45 84 f6 0f 84 88 00 00 00 41 f6 c7 RSP: 002b:00007fd194ffcd88 EFLAGS: 00000202 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda RBX: 00007fd194ffcdc0 RCX: 00000000094f225d RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 RBP: 00007fd194ffcdb0 R08: 0000000000000000 R09: 0000000000000008 R10: 0000000000000001 R11: 0000000000000202 R12: 00007fd269d68030 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000

which is due to bio->bibdev being NULL. This can happen if we have two tasks doing polled IO, and task B ends up completing IO from task A if they are sharing a poll queue. If task B completes the IO and puts the bio into our cache, then it can allocate that bio again before task A is done polling for it. As that would necessitate a preempt between the two tasks, it's enough to just be a bit more careful in checking for whether or not bio->bibdev is NULL.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53366.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
be4d234d7aebbfe0c233bc20b9cdef7ab3408ff4
Fixed
1af0bdca03f367874da45d6cbe05fa05b90b1439
Fixed
0510d5e654d05053ed0e6309a9b42043ac9903ab
Fixed
310726c33ad76cebdee312dbfafc12c1b44bf977

Affected versions

v5.*
v5.14
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.2.1
v6.2.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53366.json"
vanir_signatures 
[
    {
        "id": "CVE-2023-53366-37c72c30",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0510d5e654d05053ed0e6309a9b42043ac9903ab",
        "target": {
            "file": "block/blk-core.c",
            "function": "bio_poll"
        },
        "digest": {
            "function_hash": "4001496185469310381855022214927953276",
            "length": 594.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53366-4b87b6af",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0510d5e654d05053ed0e6309a9b42043ac9903ab",
        "target": {
            "file": "block/blk-core.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "323490377398001537162980945326371984328",
                "287533659228350648346754543038249833926",
                "201556249630561999019474408875748012798",
                "206328501516095929333855490849052721174",
                "275601733578796526717059393307379525049",
                "291272818425379133504148739027810529085",
                "328288604717988352909311302026191992050",
                "78719361819158160503111881865703935886",
                "90470766554995456384660968760977431637",
                "318231504085739202001390139696656528564"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-53366-6ec27469",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@310726c33ad76cebdee312dbfafc12c1b44bf977",
        "target": {
            "file": "block/blk-core.c",
            "function": "iocb_bio_iopoll"
        },
        "digest": {
            "function_hash": "80519508014059888032439662163187451572",
            "length": 256.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53366-7739db05",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@310726c33ad76cebdee312dbfafc12c1b44bf977",
        "target": {
            "file": "block/blk-core.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "323490377398001537162980945326371984328",
                "287533659228350648346754543038249833926",
                "201556249630561999019474408875748012798",
                "206328501516095929333855490849052721174",
                "275601733578796526717059393307379525049",
                "291272818425379133504148739027810529085",
                "328288604717988352909311302026191992050",
                "78719361819158160503111881865703935886",
                "90470766554995456384660968760977431637",
                "318231504085739202001390139696656528564"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-53366-a6675879",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1af0bdca03f367874da45d6cbe05fa05b90b1439",
        "target": {
            "file": "block/blk-core.c",
            "function": "iocb_bio_iopoll"
        },
        "digest": {
            "function_hash": "80519508014059888032439662163187451572",
            "length": 256.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53366-bf45a50c",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@310726c33ad76cebdee312dbfafc12c1b44bf977",
        "target": {
            "file": "block/blk-core.c",
            "function": "bio_poll"
        },
        "digest": {
            "function_hash": "80575540005691302207614757276007121070",
            "length": 615.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53366-d14ef9b7",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1af0bdca03f367874da45d6cbe05fa05b90b1439",
        "target": {
            "file": "block/blk-core.c",
            "function": "bio_poll"
        },
        "digest": {
            "function_hash": "4001496185469310381855022214927953276",
            "length": 594.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53366-efc564a8",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0510d5e654d05053ed0e6309a9b42043ac9903ab",
        "target": {
            "file": "block/blk-core.c",
            "function": "iocb_bio_iopoll"
        },
        "digest": {
            "function_hash": "80519508014059888032439662163187451572",
            "length": 256.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53366-f246a278",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1af0bdca03f367874da45d6cbe05fa05b90b1439",
        "target": {
            "file": "block/blk-core.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "323490377398001537162980945326371984328",
                "287533659228350648346754543038249833926",
                "201556249630561999019474408875748012798",
                "206328501516095929333855490849052721174",
                "275601733578796526717059393307379525049",
                "291272818425379133504148739027810529085",
                "328288604717988352909311302026191992050",
                "78719361819158160503111881865703935886",
                "90470766554995456384660968760977431637",
                "318231504085739202001390139696656528564"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    }
]

Git / github.com/gregkh/linux

Affected ranges

Type
GIT
Repo
https://github.com/gregkh/linux
Events
Introduced
8bb7eca972ad531c9b149c0a51ab43a417385813
Fixed
8a923980a19087421e8c99efb68ca0e4200daefd
Introduced
c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
Fixed
cdc56cf3e0ca6bd3119fc841de1c37b0e6e5b802

Affected versions

v5.*
v5.15
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.2.1
v6.2.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53366.json"