CVE-2023-54142Linux vulnerability

7 documents6 sources
Severity
N/A
No vector
EPSS
0.0%
top 84.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: gtp: Fix use-after-free in __gtp_encap_destroy(). syzkaller reported use-after-free in __gtp_encap_destroy(). [0] It shows the same process freed sk and touched it illegally. Commit e198987e7dd7 ("gtp: fix suspicious RCU usage") added lock_sock() and release_sock() in __gtp_encap_destroy() to protect sk->sk_user_data, but release_sock() is called after sock_put() releases the last refcnt. [0]: BUG: KASAN: slab-use-after-fre

Affected Packages4 packages

Linuxlinux/linux_kernel4.15.04.19.291+7
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linux01f3c64e405ab3d25887d080a103ad76f30661d2d38039697184aacff1cf576e14ef583112fdefef+11
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54142: In the Linux kernel, the following vulnerability has been resolved: gtp: Fix use-after-free in __gtp_encap_destroy()2025-12-24
OSV
gtp: Fix use-after-free in __gtp_encap_destroy().2025-12-24
GHSA
GHSA-frp2-qrfx-2m63: In the Linux kernel, the following vulnerability has been resolved: gtp: Fix use-after-free in __gtp_encap_destroy()2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: gtp: Fix use-after-free in __gtp_encap_destroy()2025-12-24
Debian
CVE-2023-54142: linux - In the Linux kernel, the following vulnerability has been resolved: gtp: Fix us...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54142 Impact, Exploitability, and Mitigation Steps | Wiz