CVE-2023-52503

EPSS 0.03%
Veröffentlicht 02.03.2024 22:15:47
Zuletzt bearbeitet 10.12.2024 21:26:43
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

tee: amdtee: fix use-after-free vulnerability in amdtee_close_session

There is a potential race condition in amdtee_close_session that may
cause use-after-free in amdtee_open_session. For instance, if a session
has refcount == 1, and one thread tries to free this session via:

    kref_put(&sess->refcount, destroy_session);

the reference count will get decremented, and the next step would be to
call destroy_session(). However, if in another thread,
amdtee_open_session() is called before destroy_session() has completed
execution, alloc_session() may return 'sess' that will be freed up
later in destroy_session() leading to use-after-free in
amdtee_open_session.

To fix this issue, treat decrement of sess->refcount and removal of
'sess' from session list in destroy_session() as a critical section, so
that it is executed atomically.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.6 < 5.10.199

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.136

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.59

Linux ≫ Linux Kernel Version >= 6.2 < 6.5.8

Linux ≫ Linux Kernel Version6.6 Updaterc1

Linux ≫ Linux Kernel Version6.6 Updaterc2

Linux ≫ Linux Kernel Version6.6 Updaterc3

Linux ≫ Linux Kernel Version6.6 Updaterc4

Linux ≫ Linux Kernel Version6.6 Updaterc5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.071

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/1680c82929bc14d706065f123dab77f2f1293116

Patch

https://git.kernel.org/stable/c/1c95574350cd63bc3c5c2fa06658010768f2a0ce

Patch

https://git.kernel.org/stable/c/60c3e7a00db954947c265b55099c21b216f2a05c

Patch

https://git.kernel.org/stable/c/da7ce52a2f6c468946195b116615297d3d113a27

Patch

https://git.kernel.org/stable/c/f4384b3e54ea813868bb81a861bf5b2406e15d8f

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-52503

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52503

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52503

EUVD