UBUNTU-CVE-2023-53366

In the Linux kernel, the following vulnerability has been resolved: block: be a bit more careful in checking for NULL bdev while polling Wei reports a crash with an application using polled IO: PGD 14265e067 P4D 14265e067 PUD 47ec50067 PMD 0 Oops: 0000 1 SMP CPU: 0 PID: 21915 Comm: iocore0 Kdump:...

CVE-2023-53366 block: be a bit more careful in checking for NULL bdev while polling

In the Linux kernel, the following vulnerability has been resolved: block: be a bit more careful in checking for NULL bdev while polling Wei reports a crash with an application using polled IO: PGD 14265e067 P4D 14265e067 PUD 47ec50067 PMD 0 Oops: 0000 1 SMP CPU: 0 PID: 21915 Comm: iocore0 Kdump:...

CVE-2023-53366

CVE-2023-53366 (Linux kernel)修正了在轮询时未正确检查 bio->bi_bdev 是否为 NULL 的漏洞，根本原因是在两任务共用轮询队列时，任务 B 可能在任务 A 仍在轮询时将 IO 重新分配给 bio，导致崩溃（kernel oops）。影响点在块层的 bio_poll/io_do_iopoll/io_uring_enter 路径，已通过内核修复在对 NULL bdev 的检查中加强保护。CVSSv3.1 向量为 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H，基线分数 5.5（中等），局部可利用且无需用户交互，影响的为可用...