Null Pointer Dereference in Linux Kernel Affecting Block Device I/O
CVE-2023-53366
What is CVE-2023-53366?
A vulnerability in the Linux kernel can lead to a crash during polled I/O operations, caused by a NULL pointer dereference of the bio's block device pointer. The issue arises when multiple tasks share a poll queue and one of them is preempted. Specifically, if one task completes an I/O operation and stores the bio in the cache, that bio may be reallocated before the previous task finishes polling on it. Developers must ensure additional safeguards when checking for NULL values in the bio structure to avoid crashes.
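The check-then-use race described above, as an added user-space illustration (not kernel code and not the upstream patch). The struct layouts, function names and the `window` hook that stands in for preemption are assumptions, and the device object is assumed to outlive the bio. It shows one defensive pattern for this class of bug: read the pointer once and test and use that same snapshot.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not the kernel's definitions. */
struct bdev { int queue_id; };
struct bio  { _Atomic(struct bdev *) bi_bdev; };

/* Runs inside the race window: models another task on the shared poll
 * queue completing the I/O and returning the bio to the cache. */
typedef void (*window_fn)(struct bio *);
static void recycle_bio(struct bio *b) { atomic_store(&b->bi_bdev, NULL); }
static void no_interference(struct bio *b) { (void)b; }

/* Racy: tests the field, then reads it again for use.
 * Returns -1 where real code would dereference NULL. */
static int poll_check_then_reload(struct bio *b, window_fn window)
{
    if (atomic_load(&b->bi_bdev) == NULL)
        return 0;                               /* nothing to poll */
    window(b);                                  /* preemption point */
    struct bdev *d = atomic_load(&b->bi_bdev);  /* second read */
    return d ? d->queue_id : -1;
}

/* Hardened: one read; the NULL test and the use share that snapshot. */
static int poll_single_snapshot(struct bio *b, window_fn window)
{
    struct bdev *d = atomic_load(&b->bi_bdev);
    if (d == NULL)
        return 0;
    window(b);
    return d->queue_id;
}

static struct bdev demo_dev = { 7 };            /* constructed sample */

static int run(int (*poll)(struct bio *, window_fn), window_fn w)
{
    struct bio b;
    atomic_init(&b.bi_bdev, &demo_dev);
    return poll(&b, w);
}

int main(void)
{
    printf("reload: %d, snapshot: %d\n",
           run(poll_check_then_reload, recycle_bio),
           run(poll_single_snapshot, recycle_bio));
    return 0;
}
```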
Affected Version(s)
Linux be4d234d7aebbfe0c233bc20b9cdef7ab3408ff4 < 1af0bdca03f367874da45d6cbe05fa05b90b1439
Linux be4d234d7aebbfe0c233bc20b9cdef7ab3408ff4 < 0510d5e654d05053ed0e6309a9b42043ac9903ab
Linux be4d234d7aebbfe0c233bc20b9cdef7ab3408ff4 < 310726c33ad76cebdee312dbfafc12c1b44bf977