CVE-2023-52837

HIGH

Linux Kernel 5.14-6.1.63, 6.5.12-6.5.*, 6.6.2-6.6.* - Use-After-Free in nbd_open

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

nbd: fix uaf in nbd_open

Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and blk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won't set disk->private_data as NULL as before. UAF may be triggered in nbd_open() if someone tries to open nbd device right after nbd_put() since nbd has been freed in nbd_dev_remove().

Fix this by implementing ->free_disk and free private data in it.

Scores

CVSS v3 7.8
EPSS 0.0025
EPSS Percentile 16.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (11)
Linux/Linux < 5.14
Linux/Linux 4af5f2e0301311f88c420fcfc5f3c8611ade20ac - 327462725b0f759f093788dfbcb2f1fd132f956b
Linux/Linux 4af5f2e0301311f88c420fcfc5f3c8611ade20ac - 4e9b3ec84dc97909876641dad14e0a2300d6c2a3
Linux/Linux 4af5f2e0301311f88c420fcfc5f3c8611ade20ac - 56bd7901b5e9dbc9112036ea615ebcba1565fafe
Linux/Linux 4af5f2e0301311f88c420fcfc5f3c8611ade20ac - 879947f4180bc6e83af64eb0515e0cf57fce15db
Linux/Linux 5.14
Linux/Linux 6.1.63 - 6.1.*
Linux/Linux 6.5.12 - 6.5.*
Linux/Linux 6.6.2 - 6.6.*
Linux/Linux 6.7
... and 1 more
Published May 21, 2024
Tracked Since Feb 18, 2026