-
CVE-2023-53445
- EPSS 0.02%
- Published 18.09.2025 16:15:48
- Last modified 19.09.2025 16:00:27
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix a refcount bug in qrtr_recvmsg() Syzbot reported a bug as following: refcount_t: addition on 0; use-after-free. ... RIP: 0010:refcount_warn_saturate+0x17c/0x1f0 lib/refcount.c:25 ... Call Trace: <TASK> __refcount_add include/linux/refcount.h:199 [inline] __refcount_inc include/linux/refcount.h:250 [inline] refcount_inc include/linux/refcount.h:267 [inline] kref_get include/linux/kref.h:45 [inline] qrtr_node_acquire net/qrtr/af_qrtr.c:202 [inline] qrtr_node_lookup net/qrtr/af_qrtr.c:398 [inline] qrtr_send_resume_tx net/qrtr/af_qrtr.c:1003 [inline] qrtr_recvmsg+0x85f/0x990 net/qrtr/af_qrtr.c:1070 sock_recvmsg_nosec net/socket.c:1017 [inline] sock_recvmsg+0xe2/0x160 net/socket.c:1038 qrtr_ns_worker+0x170/0x1700 net/qrtr/ns.c:688 process_one_work+0x991/0x15c0 kernel/workqueue.c:2390 worker_thread+0x669/0x1090 kernel/workqueue.c:2537 It occurs in the concurrent scenario of qrtr_recvmsg() and qrtr_endpoint_unregister() as following: cpu0 cpu1 qrtr_recvmsg qrtr_endpoint_unregister qrtr_send_resume_tx qrtr_node_release qrtr_node_lookup mutex_lock(&qrtr_node_lock) spin_lock_irqsave(&qrtr_nodes_lock, ) refcount_dec_and_test(&node->ref) [node->ref == 0] radix_tree_lookup [node != NULL] __qrtr_node_release qrtr_node_acquire spin_lock_irqsave(&qrtr_nodes_lock, ) kref_get(&node->ref) [WARNING] ... mutex_unlock(&qrtr_node_lock) Use qrtr_node_lock to protect qrtr_node_lookup() implementation, this is actually improving the protection of node reference.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
98a9cd82c541ef6cbdb829cd6c05cbbb471e373c
Version
0a7e0d0ef05440db03c3199e84d228db943b237f
Status
affected
Version <
b9ba5906c42089f8e1d0001b7b50a7940f086cbb
Version
0a7e0d0ef05440db03c3199e84d228db943b237f
Status
affected
Version <
aa95efa187b4114075f312b3c4680d050b56fdec
Version
0a7e0d0ef05440db03c3199e84d228db943b237f
Status
affected
Version <
48a07f6e00d305597396da4d7494b81cec05b9d3
Version
0a7e0d0ef05440db03c3199e84d228db943b237f
Status
affected
Version <
44d807320000db0d0013372ad39b53e12d52f758
Version
0a7e0d0ef05440db03c3199e84d228db943b237f
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
5.6
Status
affected
Version <
5.6
Version
0
Status
unaffected
Version <=
5.10.*
Version
5.10.178
Status
unaffected
Version <=
5.15.*
Version
5.15.107
Status
unaffected
Version <=
6.1.*
Version
6.1.24
Status
unaffected
Version <=
6.2.*
Version
6.2.11
Status
unaffected
Version <=
*
Version
6.3
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.047 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|