CVE-2023-52837

nbd: fix uaf in nbd_open

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

nbd: fix uaf in nbd_open

Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and
blk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won't set
disk->private_data as NULL as before. UAF may be triggered in nbd_open()
if someone tries to open nbd device right after nbd_put() since nbd has
been free in nbd_dev_remove().

Fix this by implementing ->free_disk and free private data in it.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: nbd: corrija uaf en nbd_open Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk y blk_cleanup_disk") limpia el disco mediante blk_cleanup_disk() y no configurará disk->private_data como NULL como antes. UAF puede activarse en nbd_open() si alguien intenta abrir el dispositivo nbd justo después de nbd_put() ya que nbd ha estado libre en nbd_dev_remove(). Solucione este problema implementando ->free_disk y datos privados gratuitos en él.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-05-22 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/4af5f2e0301311f88c420fcfc5f3c8611ade20ac	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4e9b3ec84dc97909876641dad14e0a2300d6c2a3	2023-11-20
https://git.kernel.org/stable/c/879947f4180bc6e83af64eb0515e0cf57fce15db	2023-11-20
https://git.kernel.org/stable/c/56bd7901b5e9dbc9112036ea615ebcba1565fafe	2023-11-20
https://git.kernel.org/stable/c/327462725b0f759f093788dfbcb2f1fd132f956b	2023-11-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.1.63 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.1.63"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.5.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.5.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.6.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.6.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.7"		en		Affected