In the Linux kernel, the following vulnerability has been resolved: nbd:
fix uaf in nbd_open Commit 4af5f2e03013 (“nbd: use blk_mq_alloc_disk and
blk_cleanup_disk”) cleans up disk by blk_cleanup_disk() and it won’t set
disk->private_data as NULL as before. UAF may be triggered in nbd_open() if
someone tries to open nbd device right after nbd_put() since nbd has been
free in nbd_dev_remove(). Fix this by implementing ->free_disk and free
private data in it.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.5 | < any | UNKNOWN |
git.kernel.org/linus/327462725b0f759f093788dfbcb2f1fd132f956b (6.7-rc1)
git.kernel.org/stable/c/327462725b0f759f093788dfbcb2f1fd132f956b
git.kernel.org/stable/c/4e9b3ec84dc97909876641dad14e0a2300d6c2a3
git.kernel.org/stable/c/56bd7901b5e9dbc9112036ea615ebcba1565fafe
git.kernel.org/stable/c/879947f4180bc6e83af64eb0515e0cf57fce15db
launchpad.net/bugs/cve/CVE-2023-52837
nvd.nist.gov/vuln/detail/CVE-2023-52837
security-tracker.debian.org/tracker/CVE-2023-52837
www.cve.org/CVERecord?id=CVE-2023-52837