-

CVE-2023-53608

EPSS 0.02%
Veröffentlicht 04.10.2025 15:44:17
Zuletzt bearbeitet 06.10.2025 14:56:21
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()

The finalization of nilfs_segctor_thread() can race with
nilfs_segctor_kill_thread() which terminates that thread, potentially
causing a use-after-free BUG as KASAN detected.

At the end of nilfs_segctor_thread(), it assigns NULL to "sc_task" member
of "struct nilfs_sc_info" to indicate the thread has finished, and then
notifies nilfs_segctor_kill_thread() of this using waitqueue
"sc_wait_task" on the struct nilfs_sc_info.

However, here, immediately after the NULL assignment to "sc_task", it is
possible that nilfs_segctor_kill_thread() will detect it and return to
continue the deallocation, freeing the nilfs_sc_info structure before the
thread does the notification.

This fixes the issue by protecting the NULL assignment to "sc_task" and
its notification, with spinlock "sc_state_lock" of the struct
nilfs_sc_info.  Since nilfs_segctor_kill_thread() does a final check to
see if "sc_task" is NULL with "sc_state_lock" locked, this can eliminate
the race.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 034cce77d52ba013ce62b4f5258c29907eb1ada5

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 0dbf0e64b91ee8fcb278aea93eb06fc7d56ecbcc

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 613bf23c070d11c525268f2945aa594704a9b764

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < f32297dba338dc06d62286dedb3cdbd5175b1719

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 92684e02654c91a61a0b0561433b710bcece19fe

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < bae009a2f1b7c2011d2e92d8c84868d315c0b97e

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < b4d80bd6370b81a1725b6b8f7894802c23a14e9f

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 6be49d100c22ffea3287a4b19d7639d259888e33

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version <= 4.14.*

Version 4.14.313

Status unaffected

Version <= 4.19.*

Version 4.19.281

Status unaffected

Version <= 5.4.*

Version 5.4.241

Status unaffected

Version <= 5.10.*

Version 5.10.178

Status unaffected

Version <= 5.15.*

Version 5.15.107

Status unaffected

Version <= 6.1.*

Version 6.1.24

Status unaffected

Version <= 6.2.*

Version 6.2.11

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.053

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/034cce77d52ba013ce62b4f5258c29907eb1ada5

https://git.kernel.org/stable/c/0dbf0e64b91ee8fcb278aea93eb06fc7d56ecbcc

https://git.kernel.org/stable/c/613bf23c070d11c525268f2945aa594704a9b764

https://git.kernel.org/stable/c/f32297dba338dc06d62286dedb3cdbd5175b1719

https://git.kernel.org/stable/c/92684e02654c91a61a0b0561433b710bcece19fe

https://git.kernel.org/stable/c/bae009a2f1b7c2011d2e92d8c84868d315c0b97e

https://git.kernel.org/stable/c/b4d80bd6370b81a1725b6b8f7894802c23a14e9f

https://git.kernel.org/stable/c/6be49d100c22ffea3287a4b19d7639d259888e33

https://nvd.nist.gov/vuln/detail/CVE-2023-53608

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53608

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53608

EUVD