CVE-2023-53210

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid()<br /> <br /> r5l_flush_stripe_to_raid() will check if the list &amp;#39;flushing_ios&amp;#39; is<br /> empty, and then submit &amp;#39;flush_bio&amp;#39;, however, r5l_log_flush_endio()<br /> is clearing the list first and then clear the bio, which will cause<br /> null-ptr-deref:<br /> <br /> T1: submit flush io<br /> raid5d<br /> handle_active_stripes<br /> r5l_flush_stripe_to_raid<br /> // list is empty<br /> // add &amp;#39;io_end_ios&amp;#39; to the list<br /> bio_init<br /> submit_bio<br /> // io1<br /> <br /> T2: io1 is done<br /> r5l_log_flush_endio<br /> list_splice_tail_init<br /> // clear the list<br /> T3: submit new flush io<br /> ...<br /> r5l_flush_stripe_to_raid<br /> // list is empty<br /> // add &amp;#39;io_end_ios&amp;#39; to the list<br /> bio_init<br /> bio_uninit<br /> // clear bio-&gt;bi_blkg<br /> submit_bio<br /> // null-ptr-deref<br /> <br /> Fix this problem by clearing bio before clearing the list in<br /> r5l_log_flush_endio().