CVE-2023-53307Use After Free in Linux

CWE-416Use After Free5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 16

Description

In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails If getting an ID or setting up a work queue in rbd_dev_create() fails, use-after-free on rbd_dev->rbd_client, rbd_dev->spec and rbd_dev->opts is triggered in do_rbd_add(). The root cause is that the ownership of these structures is transfered to rbd_dev prematurely and they all end up getting freed when rbd_dev_create() calls rbd_dev_free() prior to returnin

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel4.94.14.308+6
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linux1643dfa4c2c827d6e2aa419df8c17b0f2409027871da2a151ed1adb0aea4252b16d81b53012e7afd+8
debiandebian/linux< linux 6.1.20-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-8r48-cm72-rr67: In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails If getting2025-09-16
OSV
CVE-2023-53307: In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails If getting a2025-09-16

📋Vendor Advisories

2
Red Hat
kernel: rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails2025-09-16
Debian
CVE-2023-53307: linux - In the Linux kernel, the following vulnerability has been resolved: rbd: avoid ...2023
CVE-2023-53307 — Use After Free in Linux | cvebase