CVE-2023-53783

Root

Cause

CVE-2023-53783 is a divide-by-zero vulnerability in the Linux kernel's blk-iocost subsystem, specifically within the calc_lcoefs() function. The issue arises when a user writes an extremely large value (e.g., the maximum u64 value, 18446744073709551615) for rbps (read bytes per second) to the cgroup's io.cost.model file. This input is used in a DIV_ROUND_UP_ULL macro call; if bps + IOC_PAGE_SIZE overflows and wraps around to zero, it causes a division-by-zero exception and a kernel panic [1][2].

Attack

Surface

To trigger the bug, a local user must have write access to the io.cost.model cgroup file, which typically requires root privileges or Linux capabilities such as CAP_SYS_ADMIN within a cgroup namespace. No network attack vector exists; exploitation is local and requires sufficient permissions to write to that cgroup interface.

Impact

A successful trigger results in an immediate kernel crash (oops) in the calc_lcoefs path, leading to a denial of service (DoS) for the entire system. The crash trace shows the divide error occurs during the ioc_refresh_params() call chain initiated by the cgroup write [1]. While this does not provide arbitrary code execution, it reliably destabilizes the host.

Mitigation

The fix, merged into multiple stable kernel branches, adds a check to sanitize the input value inside calc_lcoefs(), preventing the arithmetic overflow that leads to the division by zero [2]. System administrators should apply the latest kernel updates from their distribution to close this vulnerability.