CVE-2023-53867
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ceph: fix potential use-after-free bug when trimming caps
When trimming the caps and just after the 'session->s_cap_lock' is released in ceph_iterate_session_caps() the cap maybe removed by another thread, and when using the stale cap memory in the callbacks it will trigger use-after-free crash.
We need to check the existence of the cap just after the 'ci->i_ceph_lock' being acquired. And do nothing if it's already removed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 2f2dc053404febedc9c273452d9d518fb31fde72 < 2b2515b8095cf2149bef44383a99d5b5677f1831 | affected |
| Linux | Linux | 2f2dc053404febedc9c273452d9d518fb31fde72 < 448875a73e16ba7d81dec9274ce9d33a12d092fb | affected |
| Linux | Linux | 2f2dc053404febedc9c273452d9d518fb31fde72 < ae6e935618d99cdba11eab4714092e7e5f13cf7e | affected |
| Linux | Linux | 2f2dc053404febedc9c273452d9d518fb31fde72 < aaf67de78807c59c35bafb5003d4fb457c764800 | affected |
| Linux | Linux | 2.6.34 | affected |
| Linux | Linux | 0 < 2.6.34 | unaffected |
| Linux | Linux | 6.1.28 <= 6.1.* | unaffected |
| Linux | Linux | 6.2.15 <= 6.2.* | unaffected |
| Linux | Linux | 6.3.2 <= 6.3.* | unaffected |
| Linux | Linux | 6.4 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/2b2515b8095cf2149bef44383a99d5b5677f1831
- https://git.kernel.org/stable/c/448875a73e16ba7d81dec9274ce9d33a12d092fb
- https://git.kernel.org/stable/c/ae6e935618d99cdba11eab4714092e7e5f13cf7e
- https://git.kernel.org/stable/c/aaf67de78807c59c35bafb5003d4fb457c764800
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.