VDB

CISA-2023-52837

CISA-2023-52837 PUBLISHED

Reported by Linux · Published May 21, 2024

In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_open Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and blk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won't set disk->private_data as NULL as before. UAF may be triggered in nbd_open() if someone tries to open nbd device right after nbd_put() since nbd has been free in nbd_dev_remove(). Fix this by implementing ->free_disk and free private data in it.

Affected Products

VendorProductVersions
LinuxLinux4af5f2e0301311f88c420fcfc5f3c8611ade20ac, 4af5f2e0301311f88c420fcfc5f3c8611ade20ac, 4af5f2e0301311f88c420fcfc5f3c8611ade20ac
LinuxLinux5.14, 0, 6.1.63
linuxlinux_kernel5.14, 5.14, 5.14
LinuxLinux4af5f2e0301311f88c420fcfc5f3c8611ade20ac, 4af5f2e0301311f88c420fcfc5f3c8611ade20ac, 4af5f2e0301311f88c420fcfc5f3c8611ade20ac

Timeline

  • May 21, 2024 CVE Published
  • May 4, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›