CVE-2023-53047

Summary

In the Linux kernel, the following vulnerability has been resolved:

tee: amdtee: fix race condition in amdtee_open_session

There is a potential race condition in amdtee_open_session that may lead to use-after-free. For instance, in amdtee_open_session() after sess->sess_mask is set, and before setting:

sess->session_info[i] = session_info;

if amdtee_close_session() closes this same session, then 'sess' data structure will be released, causing kernel panic when 'sess' is accessed within amdtee_open_session().

The solution is to set the bit sess->sess_mask as the last step in amdtee_open_session().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux757cc3e9ff1d72d014096399d6e2bf03974d9da1 < f632a90f8e39db39b322107b9a8d438b826a7f4faffected
LinuxLinux757cc3e9ff1d72d014096399d6e2bf03974d9da1 < 02b296978a2137d7128151c542e84dc96400bc00affected
LinuxLinux757cc3e9ff1d72d014096399d6e2bf03974d9da1 < a63cce9393e4e7dbc5af82dc87e68cb321cb1a78affected
LinuxLinux757cc3e9ff1d72d014096399d6e2bf03974d9da1 < b3ef9e6fe09f1a132af28c623edcf4d4f39d9f35affected
LinuxLinux757cc3e9ff1d72d014096399d6e2bf03974d9da1 < f8502fba45bd30e1a6a354d9d898bc99d1a11e6daffected
LinuxLinux5.6affected
LinuxLinux0 < 5.6unaffected
LinuxLinux5.10.177 <= 5.10.*unaffected
LinuxLinux5.15.105 <= 5.15.*unaffected
LinuxLinux6.1.22 <= 6.1.*unaffected
LinuxLinux6.2.9 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References