CVE-2023-52774

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52774
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52774.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52774
Downstream
Related
Published
2024-05-21T16:15:16Z
Modified
2025-09-23T20:00:36Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

s390/dasd: protect device queue against concurrent access

In dasdprofilestart() the amount of requests on the device queue are counted. The access to the device queue is unprotected against concurrent access. With a lot of parallel I/O, especially with alias devices enabled, the device queue can change while dasdprofilestart() is accessing the queue. In the worst case this leads to a kernel panic due to incorrect pointer accesses.

Fix this by taking the device lock before accessing the queue and counting the requests. Additionally the check for a valid profile data pointer can be done earlier to avoid unnecessary locking in a hot path.

References

Affected packages