CVE-2023-53047
tee: amdtee: fix race condition in amdtee_open_session
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix race condition in amdtee_open_session There is a potential race condition in amdtee_open_session that may
lead to use-after-free. For instance, in amdtee_open_session() after
sess->sess_mask is set, and before setting: sess->session_info[i] = session_info; if amdtee_close_session() closes this same session, then 'sess' data
structure will be released, causing kernel panic when 'sess' is
accessed within amdtee_open_session(). The solution is to set the bit sess->sess_mask as the last step in
amdtee_open_session().
A use-after-free vulnerability was found in the AMD TEE driver in the Linux kernel. The flaw occurs from a race condition in the `amdtee_open_session()` function, where the session is marked as active in `sess->sess_mask` before the corresponding `sess` structure is fully initialized. If a parallel thread invokes `amdtee_close_session()` during this window of time, it can lead to the structure being freed prematurely. This can lead to system instability, a denial of service, or remote code execution.
In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix race condition in amdtee_open_session There is a potential race condition in amdtee_open_session that may lead to use-after-free. For instance, in amdtee_open_session() after sess->sess_mask is set, and before setting: sess->session_info[i] = session_info; if amdtee_close_session() closes this same session, then 'sess' data structure will be released, causing kernel panic when 'sess' is accessed within amdtee_open_session(). The solution is to set the bit sess->sess_mask as the last step in amdtee_open_session().
CVSS Scores
SSVC
- Decision:-
Timeline
- 2025-04-16 CVE Reserved
- 2025-05-02 CVE Published
- 2025-05-04 CVE Updated
- 2025-06-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-826: Premature Release of Resource During Expected Lifetime
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/757cc3e9ff1d72d014096399d6e2bf03974d9da1 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-53047 | 2024-04-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2363689 | 2024-04-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 5.10.177 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.10.177" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 5.15.105 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.15.105" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 6.1.22 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.1.22" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 6.2.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.2.9" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 6.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.3" | en |
Affected
| ||||||