Description

In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_open Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and blk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won't set disk->private_data as NULL as before. UAF may be triggered in nbd_open() if someone tries to open nbd device right after nbd_put() since nbd has been free in nbd_dev_remove(). Fix this by implementing ->free_disk and free private data in it.

INFO

Published Date :

2024-05-21T15:31:37.859Z

Last Modified :

2025-05-04T07:44:02.911Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-52837 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-52837.

URL Resource
https://git.kernel.org/stable/c/327462725b0f759f093788dfbcb2f1fd132f956b cve-icon cve-icon
https://git.kernel.org/stable/c/4e9b3ec84dc97909876641dad14e0a2300d6c2a3 cve-icon cve-icon
https://git.kernel.org/stable/c/56bd7901b5e9dbc9112036ea615ebcba1565fafe cve-icon cve-icon
https://git.kernel.org/stable/c/879947f4180bc6e83af64eb0515e0cf57fce15db cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024052110-CVE-2023-52837-6490@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-52837 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-52837 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact