CVE-2023-53536

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> blk-crypto: make blk_crypto_evict_key() more robust<br /> <br /> If blk_crypto_evict_key() sees that the key is still in-use (due to a<br /> bug) or that -&gt;keyslot_evict failed, it currently just returns while<br /> leaving the key linked into the keyslot management structures.<br /> <br /> However, blk_crypto_evict_key() is only called in contexts such as inode<br /> eviction where failure is not an option. So actually the caller<br /> proceeds with freeing the blk_crypto_key regardless of the return value<br /> of blk_crypto_evict_key().<br /> <br /> These two assumptions don&amp;#39;t match, and the result is that there can be a<br /> use-after-free in blk_crypto_reprogram_all_keys() after one of these<br /> errors occurs. (Note, these errors *shouldn&amp;#39;t* happen; we&amp;#39;re just<br /> talking about what happens if they do anyway.)<br /> <br /> Fix this by making blk_crypto_evict_key() unlink the key from the<br /> keyslot management structures even on failure.<br /> <br /> Also improve some comments.