{"id":"CVE-2023-53116","summary":"nvmet: avoid potential UAF in nvmet_req_complete()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: avoid potential UAF in nvmet_req_complete()\n\nAn nvme target -\u003equeue_response() operation implementation may free the\nrequest passed as argument. Such implementation potentially could result\nin a use after free of the request pointer when percpu_ref_put() is\ncalled in nvmet_req_complete().\n\nAvoid such problem by using a local variable to save the sq pointer\nbefore calling __nvmet_req_complete(), thus avoiding dereferencing the\nreq pointer after that function call.","modified":"2026-05-18T05:55:33.393881370Z","published":"2025-05-02T15:55:54.858Z","related":["SUSE-SU-2025:01918-1","SUSE-SU-2025:01966-1","SUSE-SU-2025:02173-1","SUSE-SU-2025:02262-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53116.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/04c394208831d5e0d5cfee46722eb0f033cd4083"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6173a77b7e9d3e202bdb9897b23f2a8afe7bf286"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8ed9813871038b25a934b21ab76b5b7dbf44fc3a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a6317235da8aa7cb97529ebc8121cc2a4c4c437a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bcd535f07c58342302a2cd2bdd8894fe0872c8a9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e5d99b29012bbf0e86929403209723b2806500c1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f1d5888a5efe345b63c430b256e95acb0a475642"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fafcb4b26393870c45462f9af6a48e581dbbcf7e"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53116.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53116"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a07b4970f464f13640e28e16dad6cfa33647cc99"},{"fixed":"e5d99b29012bbf0e86929403209723b2806500c1"},{"fixed":"fafcb4b26393870c45462f9af6a48e581dbbcf7e"},{"fixed":"04c394208831d5e0d5cfee46722eb0f033cd4083"},{"fixed":"a6317235da8aa7cb97529ebc8121cc2a4c4c437a"},{"fixed":"f1d5888a5efe345b63c430b256e95acb0a475642"},{"fixed":"bcd535f07c58342302a2cd2bdd8894fe0872c8a9"},{"fixed":"8ed9813871038b25a934b21ab76b5b7dbf44fc3a"},{"fixed":"6173a77b7e9d3e202bdb9897b23f2a8afe7bf286"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53116.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.8.0"},{"fixed":"4.14.311"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.279"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.238"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.176"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.104"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.21"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.2.8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53116.json"}}],"schema_version":"1.7.5"}