- CVE-2023-53608
- EPSS 0.02%
- Published 04.10.2025 15:44:17
- Last modified 06.10.2025 14:56:21
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()

The finalization of nilfs_segctor_thread() can race with nilfs_segctor_kill_thread() which terminates that thread, potentially causing a use-after-free BUG as KASAN detected.

At the end of nilfs_segctor_thread(), it assigns NULL to "sc_task" member of "struct nilfs_sc_info" to indicate the thread has finished, and then notifies nilfs_segctor_kill_thread() of this using waitqueue "sc_wait_task" on the struct nilfs_sc_info.

However, here, immediately after the NULL assignment to "sc_task", it is possible that nilfs_segctor_kill_thread() will detect it and return to continue the deallocation, freeing the nilfs_sc_info structure before the thread does the notification.

This fixes the issue by protecting the NULL assignment to "sc_task" and its notification, with spinlock "sc_state_lock" of the struct nilfs_sc_info. Since nilfs_segctor_kill_thread() does a final check to see if "sc_task" is NULL with "sc_state_lock" locked, this can eliminate the race.
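The locking pattern the description gives as the fix, modelled in userspace with pthreads as an added example (this is not the kernel patch or nilfs2 code). `struct sc_info`, `segctor_thread`, `kill_thread_once` and the `notified` flag are hypothetical stand-ins, with a mutex and a condition variable assumed in place of the spinlock and the waitqueue.

```c
#include <pthread.h>
#include <stdlib.h>
/* Hypothetical userspace stand-in for struct nilfs_sc_info (not kernel code). */
struct sc_info {
    pthread_mutex_t state_lock; /* models spinlock sc_state_lock */
    pthread_cond_t wait_task;   /* models waitqueue sc_wait_task */
    void *task;                 /* models sc_task; NULL means thread finished */
    int notified;               /* assumption: set when the wake-up is issued */
};
static void *segctor_thread(void *arg)
{
    struct sc_info *sci = arg;
    /* Fixed ordering: the NULL assignment and the notification share one
     * critical section, so the waiter never sees task == NULL too early. */
    pthread_mutex_lock(&sci->state_lock);
    sci->task = NULL;
    sci->notified = 1;
    pthread_cond_broadcast(&sci->wait_task);
    pthread_mutex_unlock(&sci->state_lock);
    return NULL; /* sci may be freed from here on; it is not touched again */
}
/* Start the worker, wait for task == NULL with the lock held, then free.
 * Returns 1 if NULL was seen before the notification, 0 if not, -1 on error. */
static int kill_thread_once(void)
{
    struct sc_info *sci = calloc(1, sizeof(*sci));
    pthread_t tid;
    int early;
    if (!sci)
        return -1;
    pthread_mutex_init(&sci->state_lock, NULL);
    pthread_cond_init(&sci->wait_task, NULL);
    sci->task = sci; /* any non-NULL value: thread is running */
    if (pthread_create(&tid, NULL, segctor_thread, sci) != 0) {
        free(sci);
        return -1;
    }
    pthread_detach(tid); /* like the kernel thread, it is never joined */
    pthread_mutex_lock(&sci->state_lock);
    while (sci->task != NULL) /* final check is made with the lock held */
        pthread_cond_wait(&sci->wait_task, &sci->state_lock);
    early = !sci->notified;
    pthread_mutex_unlock(&sci->state_lock);
    pthread_cond_destroy(&sci->wait_task);
    pthread_mutex_destroy(&sci->state_lock);
    free(sci); /* safe: the worker finished with sci before releasing the lock */
    return early;
}

int main(void) { return kill_thread_once() != 0; }
```

Moving the `task = NULL` store outside the locked region reproduces the pre-fix ordering the description warns about: the waiter can then free the structure while the worker still has to lock it and signal.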
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux ≫ Product: Linux

Default status: unaffected

Version < | Version | Status |
---|---|---|
034cce77d52ba013ce62b4f5258c29907eb1ada5 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
0dbf0e64b91ee8fcb278aea93eb06fc7d56ecbcc | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
613bf23c070d11c525268f2945aa594704a9b764 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
f32297dba338dc06d62286dedb3cdbd5175b1719 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
92684e02654c91a61a0b0561433b710bcece19fe | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
bae009a2f1b7c2011d2e92d8c84868d315c0b97e | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
b4d80bd6370b81a1725b6b8f7894802c23a14e9f | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
6be49d100c22ffea3287a4b19d7639d259888e33 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
Vendor: Linux ≫ Product: Linux

Default status: affected

Version <= | Version | Status |
---|---|---|
4.14.* | 4.14.313 | unaffected |
4.19.* | 4.19.281 | unaffected |
5.4.* | 5.4.241 | unaffected |
5.10.* | 5.10.178 | unaffected |
5.15.* | 5.15.107 | unaffected |
6.1.* | 6.1.24 | unaffected |
6.2.* | 6.2.11 | unaffected |
* | 6.3 | unaffected |
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.02% | 0.053 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|