{"id":"CVE-2023-53576","summary":"null_blk: Always check queue mode setting from configfs","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: Always check queue mode setting from configfs\n\nMake sure to check device queue mode in the null_validate_conf() and\nreturn error for NULL_Q_RQ as we don't allow legacy I/O path, without\nthis patch we get OOPs when queue mode is set to 1 from configfs,\nfollowing are repro steps :-\n\nmodprobe null_blk nr_devices=0\nmkdir config/nullb/nullb0\necho 1 \u003e config/nullb/nullb0/memory_backed\necho 4096 \u003e config/nullb/nullb0/blocksize\necho 20480 \u003e config/nullb/nullb0/size\necho 1 \u003e config/nullb/nullb0/queue_mode\necho 1 \u003e config/nullb/nullb0/power\n\nEntering kdb (current=0xffff88810acdd080, pid 2372) on processor 42 Oops: (null)\ndue to oops @ 0xffffffffc041c329\nCPU: 42 PID: 2372 Comm: sh Tainted: G           O     N 6.3.0-rc5lblk+ #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nRIP: 0010:null_add_dev.part.0+0xd9/0x720 [null_blk]\nCode: 01 00 00 85 d2 0f 85 a1 03 00 00 48 83 bb 08 01 00 00 00 0f 85 f7 03 00 00 80 bb 62 01 00 00 00 48 8b 75 20 0f 85 6d 02 00 00 \u003c48\u003e 89 6e 60 48 8b 75 20 bf 06 00 00 00 e8 f5 37 2c c1 48 8b 75 20\nRSP: 0018:ffffc900052cbde0 EFLAGS: 00010246\nRAX: 0000000000000001 RBX: ffff88811084d800 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888100042e00\nRBP: ffff8881053d8200 R08: ffffc900052cbd68 R09: ffff888105db2000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000002\nR13: ffff888104765200 R14: ffff88810eec1748 R15: ffff88810eec1740\nFS:  00007fd445fd1740(0000) GS:ffff8897dfc80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000060 CR3: 0000000166a00000 CR4: 0000000000350ee0\nDR0: ffffffff8437a488 DR1: ffffffff8437a489 DR2: ffffffff8437a48a\nDR3: ffffffff8437a48b DR6: 00000000ffff0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n nullb_device_power_store+0xd1/0x120 [null_blk]\n configfs_write_iter+0xb4/0x120\n vfs_write+0x2ba/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7fd4460c57a7\nCode: 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24\nRSP: 002b:00007ffd3792a4a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd4460c57a7\nRDX: 0000000000000002 RSI: 000055b43c02e4c0 RDI: 0000000000000001\nRBP: 000055b43c02e4c0 R08: 000000000000000a R09: 00007fd44615b4e0\nR10: 00007fd44615b3e0 R11: 0000000000000246 R12: 0000000000000002\nR13: 00007fd446198520 R14: 0000000000000002 R15: 00007fd446198700\n \u003c/TASK\u003e","modified":"2026-04-02T09:44:30.883339Z","published":"2025-10-04T15:17:15.931Z","related":["SUSE-SU-2025:4111-1","SUSE-SU-2025:4139-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53576.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/35e304dbcefa95237a3d6f94c007bfb10f012b17"},{"type":"WEB","url":"https://git.kernel.org/stable/c/63f8793ee60513a09f110ea460a6ff2c33811cdb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/651260e563d9f50827dac496dc8a0b9b23d5db1a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e732a266b973cd4e115e2cc2ea5007119e8a7fbc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fd35b7bb6d5a329c427924886949ab51f210200a"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53576.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53576"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e50b1e327aeb4b224364aa6f85c1713ff8b3654b"},{"fixed":"e732a266b973cd4e115e2cc2ea5007119e8a7fbc"},{"fixed":"35e304dbcefa95237a3d6f94c007bfb10f012b17"},{"fixed":"fd35b7bb6d5a329c427924886949ab51f210200a"},{"fixed":"651260e563d9f50827dac496dc8a0b9b23d5db1a"},{"fixed":"63f8793ee60513a09f110ea460a6ff2c33811cdb"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53576.json"}}],"schema_version":"1.7.5"}