{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T05:44:01.316","vulnerabilities":[{"cve":{"id":"CVE-2023-54107","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-12-24T13:16:12.593","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: dropping parent refcount after pd_free_fn() is done\n\nSome cgroup policies will access parent pd through child pd even\nafter pd_offline_fn() is done. If pd_free_fn() for parent is called\nbefore child, then UAF can be triggered. Hence it's better to guarantee\nthe order of pd_free_fn().\n\nCurrently refcount of parent blkg is dropped in __blkg_release(), which\nis before pd_free_fn() is called in blkg_free_work_fn() while\nblkg_free_work_fn() is called asynchronously.\n\nThis patch make sure pd_free_fn() called from removing cgroup is ordered\nby delaying dropping parent refcount after calling pd_free_fn() for\nchild.\n\nBTW, pd_free_fn() will also be called from blkcg_deactivate_policy()\nfrom deleting device, and following patches will guarantee the order."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/c7241babf0855d8a6180cd1743ff0ec34de40b4e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}