{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53366","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-17T14:54:09.733Z","datePublished":"2025-09-17T14:56:54.604Z","dateUpdated":"2026-05-11T19:43:33.516Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:43:33.516Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nblock: be a bit more careful in checking for NULL bdev while polling\n\nWei reports a crash with an application using polled IO:\n\nPGD 14265e067 P4D 14265e067 PUD 47ec50067 PMD 0\nOops: 0000 [#1] SMP\nCPU: 0 PID: 21915 Comm: iocore_0 Kdump: loaded Tainted: G S                5.12.0-0_fbk12_clang_7346_g1bb6f2e7058f #1\nHardware name: Wiwynn Delta Lake MP T8/Delta Lake-Class2, BIOS Y3DLM08 04/10/2022\nRIP: 0010:bio_poll+0x25/0x200\nCode: 0f 1f 44 00 00 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 28 65 48 8b 04 25 28 00 00 00 48 89 44 24 20 48 8b 47 08 <48> 8b 80 70 02 00 00 4c 8b 70 50 8b 6f 34 31 db 83 fd ff 75 25 65\nRSP: 0018:ffffc90005fafdf8 EFLAGS: 00010292\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 74b43cd65dd66600\nRDX: 0000000000000003 RSI: ffffc90005fafe78 RDI: ffff8884b614e140\nRBP: ffff88849964df78 R08: 0000000000000000 R09: 0000000000000008\nR10: 0000000000000000 R11: 0000000000000000 R12: ffff88849964df00\nR13: ffffc90005fafe78 R14: ffff888137d3c378 R15: 0000000000000001\nFS:  00007fd195000640(0000) GS:ffff88903f400000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000270 CR3: 0000000466121001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n iocb_bio_iopoll+0x1d/0x30\n io_do_iopoll+0xac/0x250\n __se_sys_io_uring_enter+0x3c5/0x5a0\n ? __x64_sys_write+0x89/0xd0\n do_syscall_64+0x2d/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x94f225d\nCode: 24 cc 00 00 00 41 8b 84 24 d0 00 00 00 c1 e0 04 83 e0 10 41 09 c2 8b 33 8b 53 04 4c 8b 43 18 4c 63 4b 0c b8 aa 01 00 00 0f 05 <85> c0 0f 88 85 00 00 00 29 03 45 84 f6 0f 84 88 00 00 00 41 f6 c7\nRSP: 002b:00007fd194ffcd88 EFLAGS: 00000202 ORIG_RAX: 00000000000001aa\nRAX: ffffffffffffffda RBX: 00007fd194ffcdc0 RCX: 00000000094f225d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007\nRBP: 00007fd194ffcdb0 R08: 0000000000000000 R09: 0000000000000008\nR10: 0000000000000001 R11: 0000000000000202 R12: 00007fd269d68030\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000\n\nwhich is due to bio->bi_bdev being NULL. This can happen if we have two\ntasks doing polled IO, and task B ends up completing IO from task A if\nthey are sharing a poll queue. If task B completes the IO and puts the\nbio into our cache, then it can allocate that bio again before task A\nis done polling for it. As that would necessitate a preempt between the\ntwo tasks, it's enough to just be a bit more careful in checking for\nwhether or not bio->bi_bdev is NULL."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["block/blk-core.c"],"versions":[{"version":"be4d234d7aebbfe0c233bc20b9cdef7ab3408ff4","lessThan":"1af0bdca03f367874da45d6cbe05fa05b90b1439","status":"affected","versionType":"git"},{"version":"be4d234d7aebbfe0c233bc20b9cdef7ab3408ff4","lessThan":"0510d5e654d05053ed0e6309a9b42043ac9903ab","status":"affected","versionType":"git"},{"version":"be4d234d7aebbfe0c233bc20b9cdef7ab3408ff4","lessThan":"310726c33ad76cebdee312dbfafc12c1b44bf977","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["block/blk-core.c"],"versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","status":"unaffected","versionType":"semver"},{"version":"6.1.16","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.3","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.1.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.2.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1af0bdca03f367874da45d6cbe05fa05b90b1439"},{"url":"https://git.kernel.org/stable/c/0510d5e654d05053ed0e6309a9b42043ac9903ab"},{"url":"https://git.kernel.org/stable/c/310726c33ad76cebdee312dbfafc12c1b44bf977"}],"title":"block: be a bit more careful in checking for NULL bdev while polling","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-53366","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-01-14T18:45:36.502954Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T18:53:02.318Z"}}]}}