{
  "threat_severity" : "Moderate",
  "public_date" : "2025-09-17T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: block: be a bit more careful in checking for NULL bdev while polling",
    "id" : "2396126",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2396126"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nblock: be a bit more careful in checking for NULL bdev while polling\nWei reports a crash with an application using polled IO:\nPGD 14265e067 P4D 14265e067 PUD 47ec50067 PMD 0\nOops: 0000 [#1] SMP\nCPU: 0 PID: 21915 Comm: iocore_0 Kdump: loaded Tainted: G S                5.12.0-0_fbk12_clang_7346_g1bb6f2e7058f #1\nHardware name: Wiwynn Delta Lake MP T8/Delta Lake-Class2, BIOS Y3DLM08 04/10/2022\nRIP: 0010:bio_poll+0x25/0x200\nCode: 0f 1f 44 00 00 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 28 65 48 8b 04 25 28 00 00 00 48 89 44 24 20 48 8b 47 08 <48> 8b 80 70 02 00 00 4c 8b 70 50 8b 6f 34 31 db 83 fd ff 75 25 65\nRSP: 0018:ffffc90005fafdf8 EFLAGS: 00010292\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 74b43cd65dd66600\nRDX: 0000000000000003 RSI: ffffc90005fafe78 RDI: ffff8884b614e140\nRBP: ffff88849964df78 R08: 0000000000000000 R09: 0000000000000008\nR10: 0000000000000000 R11: 0000000000000000 R12: ffff88849964df00\nR13: ffffc90005fafe78 R14: ffff888137d3c378 R15: 0000000000000001\nFS:  00007fd195000640(0000) GS:ffff88903f400000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000270 CR3: 0000000466121001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\niocb_bio_iopoll+0x1d/0x30\nio_do_iopoll+0xac/0x250\n__se_sys_io_uring_enter+0x3c5/0x5a0\n? __x64_sys_write+0x89/0xd0\ndo_syscall_64+0x2d/0x40\nentry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x94f225d\nCode: 24 cc 00 00 00 41 8b 84 24 d0 00 00 00 c1 e0 04 83 e0 10 41 09 c2 8b 33 8b 53 04 4c 8b 43 18 4c 63 4b 0c b8 aa 01 00 00 0f 05 <85> c0 0f 88 85 00 00 00 29 03 45 84 f6 0f 84 88 00 00 00 41 f6 c7\nRSP: 002b:00007fd194ffcd88 EFLAGS: 00000202 ORIG_RAX: 00000000000001aa\nRAX: ffffffffffffffda RBX: 00007fd194ffcdc0 RCX: 00000000094f225d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007\nRBP: 00007fd194ffcdb0 R08: 0000000000000000 R09: 0000000000000008\nR10: 0000000000000001 R11: 0000000000000202 R12: 00007fd269d68030\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000\nwhich is due to bio->bi_bdev being NULL. This can happen if we have two\ntasks doing polled IO, and task B ends up completing IO from task A if\nthey are sharing a poll queue. If task B completes the IO and puts the\nbio into our cache, then it can allocate that bio again before task A\nis done polling for it. As that would necessitate a preempt between the\ntwo tasks, it's enough to just be a bit more careful in checking for\nwhether or not bio->bi_bdev is NULL." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53366\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53366\nhttps://lore.kernel.org/linux-cve-announce/2025091723-CVE-2023-53366-c8e7@gregkh/T" ],
  "name" : "CVE-2023-53366",
  "csaw" : false
}