CVE-2023-52974

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails, userspace could be accessing the host's ipaddress attr. If we then free the session via iscsi_session_teardown() while userspace is still accessing the session we will hit a use after free bug. Set the tcp_sw_host->session after we have completed session creation and can no longer fail.

Reserved 2025-03-27 | Published 2025-03-27 | Updated 2025-05-04 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 496af9d3682ed4c28fb734342a09e6cc0c056ea4
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 6abd4698f4c8a78e7bbfc421205c060c199554a0
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before d4d765f4761f9e3a2d62992f825aeee593bcb6b9
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 9758ffe1c07b86aefd7ca8e40d9a461293427ca0
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 0aaabdb900c7415caa2006ef580322f7eac5f6b6
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 61e43ebfd243bcbad11be26bd921723027b77441
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3
affected

Default status
affected

4.14.306
unaffected

4.19.273
unaffected

5.4.232
unaffected

5.10.168
unaffected

5.15.93
unaffected

6.1.11
unaffected

6.2
unaffected

References

git.kernel.org/...c/496af9d3682ed4c28fb734342a09e6cc0c056ea4

git.kernel.org/...c/6abd4698f4c8a78e7bbfc421205c060c199554a0

git.kernel.org/...c/d4d765f4761f9e3a2d62992f825aeee593bcb6b9

git.kernel.org/...c/9758ffe1c07b86aefd7ca8e40d9a461293427ca0

git.kernel.org/...c/0aaabdb900c7415caa2006ef580322f7eac5f6b6

git.kernel.org/...c/61e43ebfd243bcbad11be26bd921723027b77441

git.kernel.org/...c/f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3

cve.org (CVE-2023-52974)

nvd.nist.gov (CVE-2023-52974)

Download JSON