CVE-2023-54227
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: fix tags leak when shrink nr_hw_queues
Although we don't need to realloc set->tags[] when shrink nr_hw_queues, we need to free them. Or these tags will be leaked.
How to reproduce:
- mount -t configfs configfs /mnt
- modprobe null_blk nr_devices=0 submit_queues=8
- mkdir /mnt/nullb/nullb0
- echo 1 > /mnt/nullb/nullb0/power
- echo 4 > /mnt/nullb/nullb0/submit_queues
- rmdir /mnt/nullb/nullb0
In step 4, will alloc 9 tags (8 submit queues and 1 poll queue), then in step 5, new_nr_hw_queues = 5 (4 submit queues and 1 poll queue). At last in step 6, only these 5 tags are freed, the other 4 tags leaked.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | a846a8e6c9a5949582c5a6a8bbc83a7d27fd891e < c0ef7493e68b8896806a2f598fcffbaa97333405 | affected |
| Linux | Linux | a846a8e6c9a5949582c5a6a8bbc83a7d27fd891e < e1dd7bc93029024af5688253b0c05181d6e01f8e | affected |
| Linux | Linux | 5.16 | affected |
| Linux | Linux | 0 < 5.16 | unaffected |
| Linux | Linux | 6.5.5 <= 6.5.* | unaffected |
| Linux | Linux | 6.6 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/c0ef7493e68b8896806a2f598fcffbaa97333405
- https://git.kernel.org/stable/c/e1dd7bc93029024af5688253b0c05181d6e01f8e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.