CVE-2023-52787

blk-mq: make sure active queue usage is held for bio_integrity_prep()

Description

In the Linux kernel, the following vulnerability has been resolved: blk-mq: make sure active queue usage is held for bio_integrity_prep() blk_integrity_unregister() can come if queue usage counter isn't held for one bio with integrity prepared, so this request may be completed with calling profile->complete_fn, then kernel panic. Another constraint is that bio_integrity_prep() needs to be called before bio merge. Fix the issue by: - call bio_integrity_prep() with one queue usage counter grabbed reliably - call bio_integrity_prep() before bio merge

N/A
CVSS
Severity:
EPSS 0.07%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/b5c8e0ff76d10f6bf70a7237678f27c20cf59bc9
https://git.kernel.org/stable/c/e9c309ded295b7f8849097d71ae231456ca79f78
https://git.kernel.org/stable/c/b80056bd75a16e4550873ecefe12bc8fd190b1cf
https://git.kernel.org/stable/c/b0077e269f6c152e807fdac90b58caf012cdbaab

Frequently Asked Questions

What is the severity of CVE-2023-52787?
CVE-2023-52787 has not yet been assigned a CVSS score.
How to fix CVE-2023-52787?
To fix CVE-2023-52787, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52787 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52787 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52787?
CVE-2023-52787 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.