Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-52837HistoryMay 21, 2024 - 4:15 p.m.
CVE-2023-52837
2024-05-2116:15:21
Debian Security Bug Tracker
security-tracker.debian.org
2
linux kernel
vulnerability
fixed
nbd
uaf
nbd_open
disk
private data
In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_open Commit 4af5f2e03013 (“nbd: use blk_mq_alloc_disk and blk_cleanup_disk”) cleans up disk by blk_cleanup_disk() and it won’t set disk->private_data as NULL as before. UAF may be triggered in nbd_open() if someone tries to open nbd device right after nbd_put() since nbd has been free in nbd_dev_remove(). Fix this by implementing ->free_disk and free private data in it.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | linux | < 6.1.64-1 | linux_6.1.64-1_all.deb |
| Debian | 11 | all | linux | < 5.10.218-1 | linux_5.10.218-1_all.deb |
| Debian | 999 | all | linux | < 6.6.8-1 | linux_6.6.8-1_all.deb |
| Debian | 13 | all | linux | < 6.6.8-1 | linux_6.6.8-1_all.deb |
Related
nvd
nvd
CVE-2023-52837
2024-05-21 16:15:21
cve
cve
CVE-2023-52837
2024-05-21 16:15:21
redhatcve
redhatcve
CVE-2023-52837
2024-05-23 11:13:11
cvelist
cvelist
CVE-2023-52837 nbd: fix uaf in nbd_open
2024-05-21 15:31:37
ubuntucve
ubuntucve
CVE-2023-52837
2024-05-21 00:00:00
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%
Related for DEBIANCVE:CVE-2023-52837