CVE-2023-53810
Description
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: release crypto keyslot before reporting I/O complete
Once all I/O using a blk_crypto_key has completed, filesystems can call blk_crypto_evict_key(). However, the block layer currently doesn't call blk_crypto_put_keyslot() until the request is being freed, which happens after upper layers have been told (via bio_endio()) the I/O has completed. This causes a race condition where blk_crypto_evict_key() can see 'slot_refs != 0' without there being an actual bug.
This makes __blk_crypto_evict_key() hit the 'WARN_ON_ONCE(atomic_read(&slot->slot_refs) != 0)' and return without doing anything, eventually causing a use-after-free in blk_crypto_reprogram_all_keys(). (This is a very rare bug and has only been seen when per-file keys are being used with fscrypt.)
There are two options to fix this: either release the keyslot before bio_endio() is called on the request's last bio, or make __blk_crypto_evict_key() ignore slot_refs. Let's go with the first solution, since it preserves the ability to report bugs (via WARN_ON_ONCE) where a key is evicted while still in-use.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Linux kernel's block layer releases crypto keyslots only after reporting I/O completion, creating a race condition that can lead to a use-after-free when file-based encryption keys are evicted.
Root Cause
The vulnerability resides in the Linux kernel's block multi-queue (blk-mq) subsystem. When I/O operations using a blk_crypto_key complete, the kernel invokes bio_endio() to notify upper layers. However, the crypto keyslot associated with the request is not released until the request is freed, which occurs after the I/O completion notification. This creates a race condition where a filesystem may call blk_crypto_evict_key() after seeing the I/O complete, but before the keyslot is released. The eviction function then sees a non-zero slot reference count (slot_refs != 0) and triggers a WARN_ON_ONCE, returning without actually evicting the key.
Exploitation and Attack Surface
Exploitation requires a user or process with the ability to set up per-file encryption keys (e.g., using fscrypt) and to trigger concurrent I/O and key eviction operations. No special privileges beyond normal file access are needed; the race is triggered by timing-dependent file operations. The attack surface is limited to systems using inline encryption hardware and file-based encryption, typically Android or Linux systems with fscrypt and a block device that supports blk-crypto.
Impact
Because eviction returns without doing anything while the keyslot is still referenced, the failure to evict the key can lead to a use-after-free condition when blk_crypto_reprogram_all_keys() is called. This can result in system crashes, data corruption, or potential privilege escalation if an attacker can orchestrate the timing. The bug is described as very rare, but when triggered it may allow an attacker to corrupt kernel memory.
Mitigation
The fix was applied in Linux kernel stable branches via commits [1] and [2]. The resolution releases the crypto keyslot before calling bio_endio() on the request's last bio, ensuring that blk_crypto_evict_key() sees a correct reference count. Users should update to a kernel containing these commits. No workaround is documented; affected systems using per-file keys with fscrypt should prioritize patching.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
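The completion ordering described above, reduced to a single-threaded user-space C model (an added example, not kernel code and not taken from the fix commits): the upper layer evicts the key as soon as it is told the I/O is done, which is the worst-case interleaving of the race. The struct layouts, `evict_key`, `put_keyslot`, `end_io`, `complete_request` and the return codes are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only: names echo the CVE text, bodies are assumptions. */
struct keyslot { int slot_refs; bool programmed; };
struct request { struct keyslot *slot; int evict_result; };
enum { EVICT_OK = 0, EVICT_BUSY = -1 };

/* Models __blk_crypto_evict_key(): does nothing while slot_refs != 0. */
static int evict_key(struct keyslot *s)
{
    if (s->slot_refs != 0)
        return EVICT_BUSY;   /* the kernel hits WARN_ON_ONCE and returns here */
    s->programmed = false;   /* key removed from the slot */
    return EVICT_OK;
}

/* Models blk_crypto_put_keyslot(); a second call is a no-op. */
static void put_keyslot(struct request *rq)
{
    if (rq->slot) { rq->slot->slot_refs--; rq->slot = NULL; }
}

/* Models bio_endio(): the upper layer learns the I/O is done and evicts at once. */
static void end_io(struct request *rq, struct keyslot *s)
{
    rq->evict_result = evict_key(s);
}

/* release_first == false: pre-fix order; true: order after the fix. */
int complete_request(bool release_first, struct keyslot *s)
{
    struct request rq = { .slot = s, .evict_result = EVICT_OK };
    s->slot_refs = 1; s->programmed = true;  /* in-flight request holds the slot */
    if (release_first)
        put_keyslot(&rq);    /* fix: drop the reference before completion */
    end_io(&rq, s);
    put_keyslot(&rq);        /* request-free path; no-op if already dropped */
    return rq.evict_result;
}

int main(void)
{
    struct keyslot a = {0}, b = {0};
    int ra = complete_request(false, &a), rb = complete_request(true, &b);
    printf("pre-fix: evict=%d key_still_programmed=%d\n", ra, a.programmed);
    printf("fixed:   evict=%d key_still_programmed=%d\n", rb, b.programmed);
    return 0;
}
```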
Affected products: 2
Patches (6): 7d206ec7a04e, b278570e2c59, 92d5d233b9ff, 9cd1e566676b, 874bdf43b4a7, d206f79d9cd6
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (6)
- git.kernel.org/stable/c/7d206ec7a04e8545828191b6ea8b49d3ea61391f (nvd)
- git.kernel.org/stable/c/874bdf43b4a7dc5463c31508f62b3e42eb237b08 (nvd)
- git.kernel.org/stable/c/92d5d233b9ff531cf9cc36ab4251779e07adb633 (nvd)
- git.kernel.org/stable/c/9cd1e566676bbcb8a126acd921e4e194e6339603 (nvd)
- git.kernel.org/stable/c/b278570e2c59d538216f8b656e97680188a8fba4 (nvd)
- git.kernel.org/stable/c/d206f79d9cd658665b37ce8134c6ec849ac7af0c (nvd)