CVE-2023-53613

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dax: Fix dax_mapping_release() use after free<br /> <br /> A CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region<br /> provider (like modprobe -r dax_hmem) yields:<br /> <br /> kobject: &amp;#39;mapping0&amp;#39; (ffff93eb460e8800): kobject_release, parent 0000000000000000 (delayed 2000)<br /> [..]<br /> DEBUG_LOCKS_WARN_ON(1)<br /> WARNING: CPU: 23 PID: 282 at kernel/locking/lockdep.c:232 __lock_acquire+0x9fc/0x2260<br /> [..]<br /> RIP: 0010:__lock_acquire+0x9fc/0x2260<br /> [..]<br /> Call Trace:<br /> <br /> [..]<br /> lock_acquire+0xd4/0x2c0<br /> ? ida_free+0x62/0x130<br /> _raw_spin_lock_irqsave+0x47/0x70<br /> ? ida_free+0x62/0x130<br /> ida_free+0x62/0x130<br /> dax_mapping_release+0x1f/0x30<br /> device_release+0x36/0x90<br /> kobject_delayed_cleanup+0x46/0x150<br /> <br /> Due to attempting ida_free() on an ida object that has already been<br /> freed. Devices typically only hold a reference on their parent while<br /> registered. If a child needs a parent object to complete its release it<br /> needs to hold a reference that it drops from its release callback.<br /> Arrange for a dax_mapping to pin its parent dev_dax instance until<br /> dax_mapping_release().