Bug 2400777 (CVE-2023-53494)

Summary: CVE-2023-53494 kernel: crypto: xts - Handle EBUSY correctly
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw use after free in the Linux kernel XTS (XOR Encrypt XOR with ciphertext stealing) crypto Kernel module was found in the way privileges user triggers XTS crypto API in specific way. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-10-01 12:06:50 UTC 
In the Linux kernel, the following vulnerability has been resolved:

crypto: xts - Handle EBUSY correctly

As it is xts only handles the special return value of EINPROGRESS,
which means that in all other cases it will free data related to the
request.

However, as the caller of xts may specify MAY_BACKLOG, we also need
to expect EBUSY and treat it in the same way.  Otherwise backlogged
requests will trigger a use-after-free.
Comment 1 Jon Moroney 2025-10-01 19:51:11 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025100124-CVE-2023-53494-6542@gregkh/T
Comment 4 errata-xmlrpc 2025-11-03 02:27:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:19409 https://access.redhat.com/errata/RHSA-2025:19409
Comment 7 errata-xmlrpc 2025-11-12 00:31:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:21051 https://access.redhat.com/errata/RHSA-2025:21051
Comment 8 errata-xmlrpc 2025-11-12 08:09:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:21091 https://access.redhat.com/errata/RHSA-2025:21091
Comment 9 errata-xmlrpc 2025-11-12 11:25:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:21112 https://access.redhat.com/errata/RHSA-2025:21112
Comment 10 errata-xmlrpc 2025-11-12 13:48:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:21128 https://access.redhat.com/errata/RHSA-2025:21128
Comment 11 errata-xmlrpc 2025-11-12 15:05:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:21136 https://access.redhat.com/errata/RHSA-2025:21136
Comment 12 errata-xmlrpc 2025-11-19 12:27:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:21760 https://access.redhat.com/errata/RHSA-2025:21760