{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53421","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-17T14:54:09.741Z","datePublished":"2025-09-18T16:04:04.526Z","dateUpdated":"2026-05-11T19:44:39.128Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:44:39.128Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()\n\nWhen blkg_alloc() is called to allocate a blkcg_gq structure\nwith the associated blkg_iostat_set's, there are 2 fields within\nblkg_iostat_set that requires proper initialization - blkg & sync.\nThe former field was introduced by commit 3b8cc6298724 (\"blk-cgroup:\nOptimize blkcg_rstat_flush()\") while the later one was introduced by\ncommit f73316482977 (\"blk-cgroup: reimplement basic IO stats using\ncgroup rstat\").\n\nUnfortunately those fields in the blkg_iostat_set's are not properly\nre-initialized when they are cleared in v1's blkcg_reset_stats(). This\ncan lead to a kernel panic due to NULL pointer access of the blkg\npointer. The missing initialization of sync is less problematic and\ncan be a problem in a debug kernel due to missing lockdep initialization.\n\nFix these problems by re-initializing them after memory clearing."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["block/blk-cgroup.c"],"versions":[{"version":"f73316482977ac401ac37245c9df48079d4e11f3","lessThan":"0561aa6033dd181594116d705c41fc16e97161a2","status":"affected","versionType":"git"},{"version":"f73316482977ac401ac37245c9df48079d4e11f3","lessThan":"892faa76be894d324bf48b12a55c7af7be2bad83","status":"affected","versionType":"git"},{"version":"f73316482977ac401ac37245c9df48079d4e11f3","lessThan":"b0d26283af612b9e0cc3188b0b88ad7fdea447e8","status":"affected","versionType":"git"},{"version":"f73316482977ac401ac37245c9df48079d4e11f3","lessThan":"abbce7f82613ea5eeefd0fc3c1c8e449b9cef2a2","status":"affected","versionType":"git"},{"version":"f73316482977ac401ac37245c9df48079d4e11f3","lessThan":"3d2af77e31ade05ff7ccc3658c3635ec1bea0979","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["block/blk-cgroup.c"],"versions":[{"version":"5.5","status":"affected"},{"version":"0","lessThan":"5.5","status":"unaffected","versionType":"semver"},{"version":"5.15.199","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.162","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.3.13","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4.4","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.15.199"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.1.162"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.3.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.4.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0561aa6033dd181594116d705c41fc16e97161a2"},{"url":"https://git.kernel.org/stable/c/892faa76be894d324bf48b12a55c7af7be2bad83"},{"url":"https://git.kernel.org/stable/c/b0d26283af612b9e0cc3188b0b88ad7fdea447e8"},{"url":"https://git.kernel.org/stable/c/abbce7f82613ea5eeefd0fc3c1c8e449b9cef2a2"},{"url":"https://git.kernel.org/stable/c/3d2af77e31ade05ff7ccc3658c3635ec1bea0979"}],"title":"blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-53421","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-01-14T19:12:11.098390Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T19:13:10.626Z"}}]}}