CVE-2023-53111

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> loop: Fix use-after-free issues<br /> <br /> do_req_filebacked() calls blk_mq_complete_request() synchronously or<br /> asynchronously when using asynchronous I/O unless memory allocation fails.<br /> Hence, modify loop_handle_cmd() such that it does not dereference &amp;#39;cmd&amp;#39; nor<br /> &amp;#39;rq&amp;#39; after do_req_filebacked() finished unless we are sure that the request<br /> has not yet been completed. This patch fixes the following kernel crash:<br /> <br /> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000054<br /> Call trace:<br /> css_put.42938+0x1c/0x1ac<br /> loop_process_work+0xc8c/0xfd4<br /> loop_rootcg_workfn+0x24/0x34<br /> process_one_work+0x244/0x558<br /> worker_thread+0x400/0x8fc<br /> kthread+0x16c/0x1e0<br /> ret_from_fork+0x10/0x20