CVE-2023-54193Use After Free in Linux

CWE-416Use After Free7 documents6 sources
Severity
5.6MEDIUM
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_api: remove block_cb from driver_list before freeing Error handler of tcf_block_bind() frees the whole bo->cb_list on error. However, by that time the flow_block_cb instances are already in the driver list because driver ndo_setup_tc() callback is called before that up the call chain in tcf_block_offload_cmd(). This leaves dangling pointers to freed objects in the list and causes use-after-free[0]. Fix it by als

Affected Packages4 packages

Linuxlinux/linux_kernel5.3.05.4.243+5
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linux59094b1e5094c7e50a3d2912202fd30b6a1dadf8cc5fe387c6294d0471cb7ed064efac97fac65ccc+7
debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54193: In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_api: remove block_cb from driver_list before freeing Error handler2025-12-30
GHSA
GHSA-w7r9-4gjq-hqm4: In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_api: remove block_cb from driver_list before freeing Error handle2025-12-30
OSV
net/sched: cls_api: remove block_cb from driver_list before freeing2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: net/sched: cls_api: remove block_cb from driver_list before freeing2025-12-30
Debian
CVE-2023-54193: linux - In the Linux kernel, the following vulnerability has been resolved: net/sched: ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54193 Impact, Exploitability, and Mitigation Steps | Wiz