{"id":"CVE-2023-54293","summary":"bcache: fixup btree_cache_wait list damage","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: fixup btree_cache_wait list damage\n\nWe get a kernel crash about \"list_add corruption. next-\u003eprev should be\nprev (ffff9c801bc01210), but was ffff9c77b688237c.\n(next=ffffae586d8afe68).\"\n\ncrash\u003e struct list_head 0xffff9c801bc01210\nstruct list_head {\n  next = 0xffffae586d8afe68,\n  prev = 0xffffae586d8afe68\n}\ncrash\u003e struct list_head 0xffff9c77b688237c\nstruct list_head {\n  next = 0x0,\n  prev = 0x0\n}\ncrash\u003e struct list_head 0xffffae586d8afe68\nstruct list_head struct: invalid kernel virtual address: ffffae586d8afe68  type: \"gdb_readmem_callback\"\nCannot access memory at address 0xffffae586d8afe68\n\n[230469.019492] Call Trace:\n[230469.032041]  prepare_to_wait+0x8a/0xb0\n[230469.044363]  ? bch_btree_keys_free+0x6c/0xc0 [escache]\n[230469.056533]  mca_cannibalize_lock+0x72/0x90 [escache]\n[230469.068788]  mca_alloc+0x2ae/0x450 [escache]\n[230469.080790]  bch_btree_node_get+0x136/0x2d0 [escache]\n[230469.092681]  bch_btree_check_thread+0x1e1/0x260 [escache]\n[230469.104382]  ? finish_wait+0x80/0x80\n[230469.115884]  ? bch_btree_check_recurse+0x1a0/0x1a0 [escache]\n[230469.127259]  kthread+0x112/0x130\n[230469.138448]  ? kthread_flush_work_fn+0x10/0x10\n[230469.149477]  ret_from_fork+0x35/0x40\n\nbch_btree_check_thread() and bch_dirty_init_thread() may call\nmca_cannibalize() to cannibalize other cached btree nodes. Only one thread\ncan do it at a time, so the op of other threads will be added to the\nbtree_cache_wait list.\n\nWe must call finish_wait() to remove op from btree_cache_wait before free\nit's memory address. Otherwise, the list will be damaged. Also should call\nbch_cannibalize_unlock() to release the btree_cache_alloc_lock and wake_up\nother waiters.","modified":"2026-03-31T17:29:26.910181661Z","published":"2025-12-30T12:23:31.111Z","related":["SUSE-SU-2026:0263-1","SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:0317-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0617-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54293.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/25ec4779d0fb3ed9cac1e4d9e0e4261b4a12f6ed"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2882a4c4f0c90e99f37dbd8db369b9982fd613e7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bcb295778afda4f2feb0d3c0289a53fd43d5a3a6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cbdd5b3322f7bbe6454c97cac994757f1192c07b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f0854489fc07d2456f7cc71a63f4faf9c716ffbe"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54293.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-54293"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8e7102273f597dbb38af43da874f8c123f8e6dbe"},{"fixed":"bcb295778afda4f2feb0d3c0289a53fd43d5a3a6"},{"fixed":"cbdd5b3322f7bbe6454c97cac994757f1192c07b"},{"fixed":"25ec4779d0fb3ed9cac1e4d9e0e4261b4a12f6ed"},{"fixed":"2882a4c4f0c90e99f37dbd8db369b9982fd613e7"},{"fixed":"f0854489fc07d2456f7cc71a63f4faf9c716ffbe"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54293.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.7.0"},{"fixed":"5.10.188"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.121"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.39"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.4.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54293.json"}}],"schema_version":"1.7.5"}