7.8

CVE-2023-53608

nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()

The finalization of nilfs_segctor_thread() can race with
nilfs_segctor_kill_thread() which terminates that thread, potentially
causing a use-after-free BUG as KASAN detected.

At the end of nilfs_segctor_thread(), it assigns NULL to "sc_task" member
of "struct nilfs_sc_info" to indicate the thread has finished, and then
notifies nilfs_segctor_kill_thread() of this using waitqueue
"sc_wait_task" on the struct nilfs_sc_info.

However, here, immediately after the NULL assignment to "sc_task", it is
possible that nilfs_segctor_kill_thread() will detect it and return to
continue the deallocation, freeing the nilfs_sc_info structure before the
thread does the notification.

This fixes the issue by protecting the NULL assignment to "sc_task" and
its notification, with spinlock "sc_state_lock" of the struct
nilfs_sc_info.  Since nilfs_segctor_kill_thread() does a final check to
see if "sc_task" is NULL with "sc_state_lock" locked, this can eliminate
the race.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.30 < 4.14.313
LinuxLinux Kernel Version >= 4.15 < 4.19.281
LinuxLinux Kernel Version >= 4.20 < 5.4.241
LinuxLinux Kernel Version >= 5.5 < 5.10.178
LinuxLinux Kernel Version >= 5.11 < 5.15.107
LinuxLinux Kernel Version >= 5.16 < 6.1.24
LinuxLinux Kernel Version >= 6.2 < 6.2.11
LinuxLinux Kernel Version6.3 Updaterc1
LinuxLinux Kernel Version6.3 Updaterc2
LinuxLinux Kernel Version6.3 Updaterc3
LinuxLinux Kernel Version6.3 Updaterc4
LinuxLinux Kernel Version6.3 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.036
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/034cce77d52ba013ce62b4f5258c29907eb1ada5
Patch
https://git.kernel.org/stable/c/0dbf0e64b91ee8fcb278aea93eb06fc7d56ecbcc
Patch
https://git.kernel.org/stable/c/613bf23c070d11c525268f2945aa594704a9b764
Patch
https://git.kernel.org/stable/c/f32297dba338dc06d62286dedb3cdbd5175b1719
Patch
https://git.kernel.org/stable/c/92684e02654c91a61a0b0561433b710bcece19fe
Patch
https://git.kernel.org/stable/c/bae009a2f1b7c2011d2e92d8c84868d315c0b97e
Patch
https://git.kernel.org/stable/c/b4d80bd6370b81a1725b6b8f7894802c23a14e9f
Patch
https://git.kernel.org/stable/c/6be49d100c22ffea3287a4b19d7639d259888e33
Patch