CVE-2023-53116

nvmet: avoid potential UAF in nvmet_req_complete()

Description

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmet_req_complete() An nvme target ->queue_response() operation implementation may free the request passed as argument. Such implementation potentially could result in a use after free of the request pointer when percpu_ref_put() is called in nvmet_req_complete(). Avoid such problem by using a local variable to save the sq pointer before calling __nvmet_req_complete(), thus avoiding dereferencing the req pointer after that function call.

INFO

Published Date :

2025-05-02T15:55:54.858Z

Last Modified :

2025-05-04T07:50:10.667Z

Source :

Linux

AFFECTED PRODUCTS

The following products are affected by CVE-2023-53116 vulnerability.

Vendors	Products
Linux	Linux Kernel

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-53116.

URL	Resource
https://git.kernel.org/stable/c/04c394208831d5e0d5cfee46722eb0f033cd4083
https://git.kernel.org/stable/c/6173a77b7e9d3e202bdb9897b23f2a8afe7bf286
https://git.kernel.org/stable/c/8ed9813871038b25a934b21ab76b5b7dbf44fc3a
https://git.kernel.org/stable/c/a6317235da8aa7cb97529ebc8121cc2a4c4c437a
https://git.kernel.org/stable/c/bcd535f07c58342302a2cd2bdd8894fe0872c8a9
https://git.kernel.org/stable/c/e5d99b29012bbf0e86929403209723b2806500c1
https://git.kernel.org/stable/c/f1d5888a5efe345b63c430b256e95acb0a475642
https://git.kernel.org/stable/c/fafcb4b26393870c45462f9af6a48e581dbbcf7e
https://lore.kernel.org/linux-cve-announce/2025050229-CVE-2023-53116-469c@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-53116
https://www.cve.org/CVERecord?id=CVE-2023-53116

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact