Home

Description

In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails If getting an ID or setting up a work queue in rbd_dev_create() fails, use-after-free on rbd_dev->rbd_client, rbd_dev->spec and rbd_dev->opts is triggered in do_rbd_add(). The root cause is that the ownership of these structures is transfered to rbd_dev prematurely and they all end up getting freed when rbd_dev_create() calls rbd_dev_free() prior to returning to do_rbd_add(). Found by Linux Verification Center (linuxtesting.org) with SVACE, an incomplete patch submitted by Natalia Petrova <n.petrova@fintech.ru>.

PUBLISHED Reserved 2025-09-16 | Published 2025-09-16 | Updated 2025-09-16 | Assigner Linux

Product status

Default status
unaffected

1643dfa4c2c827d6e2aa419df8c17b0f24090278 (git) before 71da2a151ed1adb0aea4252b16d81b53012e7afd
affected

1643dfa4c2c827d6e2aa419df8c17b0f24090278 (git) before e3cbb4d60764295992c95344f2d779439e8b34ce
affected

1643dfa4c2c827d6e2aa419df8c17b0f24090278 (git) before 9787b328c42c13c4f31e7d5042c4e877e9344068
affected

1643dfa4c2c827d6e2aa419df8c17b0f24090278 (git) before ae16346078b1189aee934afd872d9f3d0a682c33
affected

1643dfa4c2c827d6e2aa419df8c17b0f24090278 (git) before a73783e4e0c4d1507794da211eeca75498544dff
affected

1643dfa4c2c827d6e2aa419df8c17b0f24090278 (git) before faa7b683e436664fff5648426950718277831348
affected

1643dfa4c2c827d6e2aa419df8c17b0f24090278 (git) before cc8c0dd2984503ed09efa37bcafcef3d3da104e8
affected

1643dfa4c2c827d6e2aa419df8c17b0f24090278 (git) before f7c4d9b133c7a04ca619355574e96b6abf209fba
affected

Default status
affected

4.9
affected

Any version before 4.9
unaffected

4.14.308 (semver)
unaffected

4.19.276 (semver)
unaffected

5.4.235 (semver)
unaffected

5.10.173 (semver)
unaffected

5.15.99 (semver)
unaffected

6.1.16 (semver)
unaffected

6.2.3 (semver)
unaffected

6.3 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/71da2a151ed1adb0aea4252b16d81b53012e7afd

git.kernel.org/...c/e3cbb4d60764295992c95344f2d779439e8b34ce

git.kernel.org/...c/9787b328c42c13c4f31e7d5042c4e877e9344068

git.kernel.org/...c/ae16346078b1189aee934afd872d9f3d0a682c33

git.kernel.org/...c/a73783e4e0c4d1507794da211eeca75498544dff

git.kernel.org/...c/faa7b683e436664fff5648426950718277831348

git.kernel.org/...c/cc8c0dd2984503ed09efa37bcafcef3d3da104e8

git.kernel.org/...c/f7c4d9b133c7a04ca619355574e96b6abf209fba

cve.org (CVE-2023-53307)

nvd.nist.gov (CVE-2023-53307)

Download JSON