Description

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc In gfs2_put_super(), whether withdrawn or not, the quota should be cleaned up by gfs2_quota_cleanup(). Otherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu callback) has run for all gfs2_quota_data objects, resulting in use-after-free. Also, gfs2_destroy_threads() and gfs2_quota_cleanup() is already called by gfs2_make_fs_ro(), so in gfs2_put_super(), after calling gfs2_make_fs_ro(), there is no need to call them again.

INFO

Published Date :

2024-05-21T15:30:46.427Z

Last Modified :

2025-11-03T21:50:24.860Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-52760 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-52760.

URL Resource
https://git.kernel.org/stable/c/08a28272faa750d4357ea2cb48d2baefd778ea81 cve-icon cve-icon
https://git.kernel.org/stable/c/7ad4e0a4f61c57c3ca291ee010a9d677d0199fba cve-icon
https://git.kernel.org/stable/c/bdcb8aa434c6d36b5c215d02a9ef07551be25a37 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024052147-CVE-2023-52760-5ac4@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-52760 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-52760 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact