Medium severity5.5NVD Advisory· Published Sep 18, 2025· Updated Apr 6, 2026

CVE-2023-53421

Description

In the Linux kernel, the following vulnerability has been resolved:

blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()

When blkg_alloc() is called to allocate a blkcg_gq structure with the associated blkg_iostat_set's, there are 2 fields within blkg_iostat_set that requires proper initialization - blkg & sync. The former field was introduced by commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()") while the later one was introduced by commit f73316482977 ("blk-cgroup: reimplement basic IO stats using cgroup rstat").

Unfortunately those fields in the blkg_iostat_set's are not properly re-initialized when they are cleared in v1's blkcg_reset_stats(). This can lead to a kernel panic due to NULL pointer access of the blkg pointer. The missing initialization of sync is less problematic and can be a problem in a debug kernel due to missing lockdep initialization.

Fix these problems by re-initializing them after memory clearing.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=5.5,<6.3.13

Patches

0561aa6033dd

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

892faa76be89

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

b0d26283af61

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

abbce7f82613

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

3d2af77e31ad

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000