Use-After-Free Vulnerability in Linux Kernel Affects RBD Device Creation
CVE-2023-53307

7.8 HIGH

Key Information:

Vendor: Linux

CVE Published: 16 September 2025

What is CVE-2023-53307?

A use-after-free vulnerability was identified in the Linux kernel's RBD device creation path. It occurs in the function 'do_rbd_add()' when 'rbd_dev_create()' fails. Ownership of certain structures associated with the RBD device is transferred prematurely, so these structures may be accessed after they have been freed. This can result in undefined behavior, potentially allowing unauthorized actions within kernel space and compromising system integrity. The vulnerability was discovered by the Linux Verification Center and highlighted through an incomplete patch submitted for review.
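The error-path pattern described above, as an added user-space model that is not the kernel's code or the upstream patch: every name here (res, dev, create_early, create_late, add_device) is hypothetical, and the "late handover" variant is an assumed way to correct the ordering. A counter stands in for freed memory so the over-release can be observed safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model of the error path; all names are
 * hypothetical and none of this is kernel source. */
struct res { int refs; int bad_puts; };  /* a structure handed to the device */
struct dev { struct res *owned; };

static void res_put(struct res *r) {
    if (r->refs == 0) { r->bad_puts++; return; }  /* real code: freed memory touched */
    r->refs--;
}

static void dev_free(struct dev *d) {    /* releases whatever the device owns */
    if (d->owned) res_put(d->owned);
    d->owned = NULL;
}

/* Flawed shape: ownership moves to the device before the fallible step. */
static bool create_early(struct dev *d, struct res *r, bool step_fails) {
    d->owned = r;
    if (step_fails) { dev_free(d); return false; }
    return true;
}

/* Assumed corrected shape: hand over only once nothing can fail. */
static bool create_late(struct dev *d, struct res *r, bool step_fails) {
    if (step_fails) { dev_free(d); return false; }
    d->owned = r;
    return true;
}

typedef bool (*create_fn)(struct dev *, struct res *, bool);

/* Caller that, on failure, drops the reference it believes it still holds.
 * Returns how many releases hit an already-released object. */
static int add_device(create_fn create, bool step_fails) {
    struct res r = { .refs = 1, .bad_puts = 0 };
    struct dev d = { .owned = NULL };
    if (!create(&d, &r, step_fails)) res_put(&r);  /* caller's error path */
    else dev_free(&d);                             /* normal teardown */
    return r.bad_puts;
}

int main(void) {
    printf("early handover, create fails: %d bad release(s)\n", add_device(create_early, true));
    printf("late handover, create fails:  %d bad release(s)\n", add_device(create_late, true));
    return 0;
}
```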


Affected Version(s)

Linux 1643dfa4c2c827d6e2aa419df8c17b0f24090278 < 71da2a151ed1adb0aea4252b16d81b53012e7afd

Linux 1643dfa4c2c827d6e2aa419df8c17b0f24090278

Linux 1643dfa4c2c827d6e2aa419df8c17b0f24090278 < 9787b328c42c13c4f31e7d5042c4e877e9344068


CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
