Use-After-Free Vulnerability in Linux Kernel nilfs2 Module
CVE-2023-53608
What is CVE-2023-53608?
A use-after-free vulnerability exists in the nilfs2 module of the Linux kernel, specifically in nilfs_segctor_thread(). The finalization of that thread can race against its termination, potentially leading to memory corruption. The problem is that the 'sc_task' member of struct nilfs_sc_info is set to NULL after the thread has completed its work but before it notifies the terminating thread. In that window, nilfs_segctor_kill_thread() may access and deallocate the struct before the notification occurs, so the notification then touches freed memory, risking system stability and security. The vulnerability has been remediated by protecting the assignment and notification sequence with a spinlock, eliminating the race condition.
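To make the ordering concrete, here is an added single-threaded model of the race and of the locked fix (example code, not the kernel's nilfs2 source): the thread side and the killer side are plain functions called in the order the description gives, and only the names sc_task, nilfs_sc_info, nilfs_segctor_thread() and nilfs_segctor_kill_thread() come from this page; every field and function name in the model is an assumption.

```c
#include <stdbool.h>
/* Added single-threaded model of the CVE-2023-53608 race, not kernel code: the
 * two sides are plain functions called in a chosen order, and kfree() is a
 * 'freed' flag so that a use-after-free is reported rather than executed. */
struct sc_info {
    bool task_alive;  /* models sci->sc_task != NULL */
    bool notified;    /* models the completion signalled to the killer */
    bool freed;       /* models the killer having freed sci */
    bool locked;      /* models the spinlock introduced by the fix */
};
enum { OK = 0, WOULD_BLOCK = 1, USE_AFTER_FREE = -1 };
/* Killer side (nilfs_segctor_kill_thread): wait while the thread still looks
 * alive and has not notified; otherwise tear the struct down. */
static int kill_thread(struct sc_info *sci) {
    if (sci->locked || (sci->task_alive && !sci->notified))
        return WOULD_BLOCK;   /* the real code spins on the lock / waits here */
    sci->freed = true;        /* models kfree(sci) */
    return OK;
}
/* Vulnerable thread exit in two separable steps: clear sc_task, then notify.
 * The notification touches sci again, so it must not run after the free. */
static void vuln_exit_step1(struct sc_info *sci) { sci->task_alive = false; }
static int vuln_exit_step2(struct sc_info *sci) {
    if (sci->freed) return USE_AFTER_FREE;   /* killer already freed sci */
    sci->notified = true;
    return OK;
}
/* Fixed thread exit: the same two steps inside one locked critical section. */
static int fixed_exit(struct sc_info *sci) {
    sci->locked = true;
    vuln_exit_step1(sci);
    int rc = vuln_exit_step2(sci);
    sci->locked = false;
    return rc;
}
/* Interleaving from the advisory: the killer runs between clear and notify. */
int run_vulnerable(void) {
    struct sc_info sci = { .task_alive = true };
    vuln_exit_step1(&sci);
    kill_thread(&sci);             /* sees sc_task == NULL, skips the wait, frees */
    return vuln_exit_step2(&sci);  /* notification now hits freed memory */
}
/* Same attempt under the fix: the killer never observes a half-finished exit. */
int run_fixed(void) {
    struct sc_info sci = { .task_alive = true };
    if (kill_thread(&sci) != WOULD_BLOCK) return -2;  /* alive: killer must wait */
    int rc = fixed_exit(&sci);
    return rc != OK ? rc : kill_thread(&sci);  /* notified: freeing is now safe */
}
```

The model reports the bad interleaving as USE_AFTER_FREE instead of corrupting memory; with the lock in place the killer can only see the thread either still alive (and wait) or already gone and notified (and free safely).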
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 034cce77d52ba013ce62b4f5258c29907eb1ada5
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0dbf0e64b91ee8fcb278aea93eb06fc7d56ecbcc
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 613bf23c070d11c525268f2945aa594704a9b764