CVE-2023-53047

MEDIUM

Linux Kernel 5.6-5.10.177 - Use-After-Free in AMDTEE Session Handling

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix race condition in amdtee_open_session There is a potential race condition in amdtee_open_session that may lead to use-after-free. For instance, in amdtee_open_session() after sess->sess_mask is set, and before setting: sess->session_info[i] = session_info; if amdtee_close_session() closes this same session, then 'sess' data structure will be released, causing kernel panic when 'sess' is accessed within amdtee_open_session(). The solution is to set the bit sess->sess_mask as the last step in amdtee_open_session().

References (5)

Core 5

Scores

CVSS v3 4.7
EPSS 0.0011
EPSS Percentile 1.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-362
Status published
Products (14)
Linux/Linux < 5.6
Linux/Linux 5.10.177 - 5.10.*
Linux/Linux 5.15.105 - 5.15.*
Linux/Linux 5.6
Linux/Linux 6.1.22 - 6.1.*
Linux/Linux 6.2.9 - 6.2.*
Linux/Linux 6.3
Linux/Linux 757cc3e9ff1d72d014096399d6e2bf03974d9da1 - 02b296978a2137d7128151c542e84dc96400bc00
Linux/Linux 757cc3e9ff1d72d014096399d6e2bf03974d9da1 - a63cce9393e4e7dbc5af82dc87e68cb321cb1a78
Linux/Linux 757cc3e9ff1d72d014096399d6e2bf03974d9da1 - b3ef9e6fe09f1a132af28c623edcf4d4f39d9f35
... and 4 more
Published May 02, 2025
Tracked Since Feb 18, 2026