CVE-2023-53867 — Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 92.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: ceph: fix potential use-after-free bug when trimming caps When trimming the caps and just after the 'session->s_cap_lock' is released in ceph_iterate_session_caps() the cap maybe removed by another thread, and when using the stale cap memory in the callbacks it will trigger use-after-free crash. We need to check the existence of the cap just after the 'ci->i_ceph_lock' being acquired. And do nothing if it's already removed.

Affected Packages4 packages

▶Linuxlinux/linux_kernel2.6.34 — 6.1.28+2

▶Debianlinux/linux_kernel< 6.1.37-1+2

▶CVEListV5linux/linux2f2dc053404febedc9c273452d9d518fb31fde72 — 2b2515b8095cf2149bef44383a99d5b5677f1831+4

▶debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-f688-j3hq-jm53: In the Linux kernel, the following vulnerability has been resolved: ceph: fix potential use-after-free bug when trimming caps When trimming the caps↗2025-12-24

▶

OSV

ceph: fix potential use-after-free bug when trimming caps↗2025-12-24

▶

OSV

CVE-2023-53867: In the Linux kernel, the following vulnerability has been resolved: ceph: fix potential use-after-free bug when trimming caps When trimming the caps a↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: ceph: fix potential use-after-free bug when trimming caps↗2025-12-24

▶

Debian

CVE-2023-53867: linux - In the Linux kernel, the following vulnerability has been resolved: ceph: fix p...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-53867 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶