CVE-2023-52760Use After Free in Linux

CWE-416Use After Free32 documents8 sources
Severity
7.8HIGHNVD
OSV8.4OSV5.5OSV5.3
EPSS
0.0%
top 94.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedMay 21
Latest updateSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc In gfs2_put_super(), whether withdrawn or not, the quota should be cleaned up by gfs2_quota_cleanup(). Otherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu callback) has run for all gfs2_quota_data objects, resulting in use-after-free. Also, gfs2_destroy_threads() and gfs2_quota_cleanup() is already called by gfs2_make_fs_ro(), so in gfs2_put_super(), after cal

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

NVDlinux/linux_kernel6.26.6.3+1
Debianlinux/linux_kernel< 6.6.8-1+1
Ubuntulinux/linux_kernel< 5.4.0-193.213+3
CVEListV5linux/linuxf66af88e33212b57ea86da2c5d66c0d9d5c4634408a28272faa750d4357ea2cb48d2baefd778ea81+2
debiandebian/linux< linux 6.6.8-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

15
OSV
linux-xilinx-zynqmp vulnerabilities2024-09-18
OSV
linux-iot vulnerabilities2024-09-12
OSV
linux-raspi-5.4 vulnerabilities2024-09-02
OSV
linux-oracle vulnerabilities2024-08-28
OSV
linux-aws-5.4 vulnerabilities2024-08-26

📋Vendor Advisories

15
Ubuntu
Linux kernel vulnerabilities2024-09-18
Ubuntu
Linux kernel vulnerabilities2024-09-12
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2024-09-02
Ubuntu
Linux kernel (Oracle) vulnerabilities2024-08-28
Ubuntu
Linux kernel (AWS) vulnerabilities2024-08-26

💬Community

1
Bugzilla
CVE-2023-52760 kernel: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc2024-05-22