CVE-2023-52837
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-52837
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52837.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-52837
- Downstream
- Related
- Published
- 2024-05-21T15:31:37Z
- Modified
- 2025-10-21T15:10:37.186077Z
- Summary
- nbd: fix uaf in nbd_open
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nbd: fix uaf in nbd_open
Commit 4af5f2e03013 ("nbd: use blkmqallocdisk and blkcleanupdisk") cleans up disk by blkcleanupdisk() and it won't set disk->privatedata as NULL as before. UAF may be triggered in nbdopen() if someone tries to open nbd device right after nbdput() since nbd has been free in nbddevremove().
Fix this by implementing ->free_disk and free private data in it.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/327462725b0f759f093788dfbcb2f1fd132f956b
- https://git.kernel.org/stable/c/4e9b3ec84dc97909876641dad14e0a2300d6c2a3
- https://git.kernel.org/stable/c/56bd7901b5e9dbc9112036ea615ebcba1565fafe
- https://git.kernel.org/stable/c/879947f4180bc6e83af64eb0515e0cf57fce15db
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4af5f2e0301311f88c420fcfc5f3c8611ade20acFixed4e9b3ec84dc97909876641dad14e0a2300d6c2a3
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4af5f2e0301311f88c420fcfc5f3c8611ade20acFixed879947f4180bc6e83af64eb0515e0cf57fce15db
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4af5f2e0301311f88c420fcfc5f3c8611ade20acFixed56bd7901b5e9dbc9112036ea615ebcba1565fafe
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4af5f2e0301311f88c420fcfc5f3c8611ade20acFixed327462725b0f759f093788dfbcb2f1fd132f956b
Affected versions
v5.*
v5.13
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.5.1
v6.5.10
v6.5.11
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.5.6
v6.5.7
v6.5.8
v6.5.9
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@879947f4180bc6e83af64eb0515e0cf57fce15db",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/block/nbd.c"
},
"id": "CVE-2023-52837-21cd7d18",
"digest": {
"threshold": 0.9,
"line_hashes": [
"241278684828770172018825890974295028009",
"52126995608373830180836463022700340410",
"250262879988443759638593774267995562608",
"133644468530881695212607845341052066083",
"235569097776759396714547149018345568313",
"290699982851861675771061313328416779200",
"262693718463212930325062903996932135769",
"191245696005573373464279962909965686162",
"16644805479774957135987022256069910662",
"163374787843869954639178974484168520040",
"115799142871319936369029841173725717311",
"92413670129057170830927274028129026169",
"308009939508073735681661602299716100783",
"192798757089417238517841367117962486917",
"297627863424390966237394163551712674176"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@327462725b0f759f093788dfbcb2f1fd132f956b",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/block/nbd.c"
},
"id": "CVE-2023-52837-311e0b38",
"digest": {
"threshold": 0.9,
"line_hashes": [
"241278684828770172018825890974295028009",
"52126995608373830180836463022700340410",
"250262879988443759638593774267995562608",
"133644468530881695212607845341052066083",
"235569097776759396714547149018345568313",
"290699982851861675771061313328416779200",
"262693718463212930325062903996932135769",
"191245696005573373464279962909965686162",
"16644805479774957135987022256069910662",
"163374787843869954639178974484168520040",
"115799142871319936369029841173725717311",
"92413670129057170830927274028129026169",
"308009939508073735681661602299716100783",
"192798757089417238517841367117962486917",
"297627863424390966237394163551712674176"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56bd7901b5e9dbc9112036ea615ebcba1565fafe",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "nbd_dev_remove",
"file": "drivers/block/nbd.c"
},
"id": "CVE-2023-52837-4cc714ad",
"digest": {
"length": 314.0,
"function_hash": "144066462621623238064981384252424812082"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56bd7901b5e9dbc9112036ea615ebcba1565fafe",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/block/nbd.c"
},
"id": "CVE-2023-52837-5506784e",
"digest": {
"threshold": 0.9,
"line_hashes": [
"241278684828770172018825890974295028009",
"52126995608373830180836463022700340410",
"250262879988443759638593774267995562608",
"133644468530881695212607845341052066083",
"235569097776759396714547149018345568313",
"290699982851861675771061313328416779200",
"262693718463212930325062903996932135769",
"191245696005573373464279962909965686162",
"16644805479774957135987022256069910662",
"163374787843869954639178974484168520040",
"115799142871319936369029841173725717311",
"92413670129057170830927274028129026169",
"308009939508073735681661602299716100783",
"192798757089417238517841367117962486917",
"297627863424390966237394163551712674176"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@879947f4180bc6e83af64eb0515e0cf57fce15db",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "nbd_dev_remove",
"file": "drivers/block/nbd.c"
},
"id": "CVE-2023-52837-77fe3eee",
"digest": {
"length": 314.0,
"function_hash": "144066462621623238064981384252424812082"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@327462725b0f759f093788dfbcb2f1fd132f956b",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "nbd_dev_remove",
"file": "drivers/block/nbd.c"
},
"id": "CVE-2023-52837-9d534ff8",
"digest": {
"length": 314.0,
"function_hash": "144066462621623238064981384252424812082"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4e9b3ec84dc97909876641dad14e0a2300d6c2a3",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "nbd_dev_remove",
"file": "drivers/block/nbd.c"
},
"id": "CVE-2023-52837-c2d9c151",
"digest": {
"length": 314.0,
"function_hash": "144066462621623238064981384252424812082"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4e9b3ec84dc97909876641dad14e0a2300d6c2a3",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "drivers/block/nbd.c"
},
"id": "CVE-2023-52837-f5714d02",
"digest": {
"threshold": 0.9,
"line_hashes": [
"241278684828770172018825890974295028009",
"52126995608373830180836463022700340410",
"250262879988443759638593774267995562608",
"133644468530881695212607845341052066083",
"235569097776759396714547149018345568313",
"290699982851861675771061313328416779200",
"262693718463212930325062903996932135769",
"191245696005573373464279962909965686162",
"16644805479774957135987022256069910662",
"163374787843869954639178974484168520040",
"115799142871319936369029841173725717311",
"92413670129057170830927274028129026169",
"308009939508073735681661602299716100783",
"192798757089417238517841367117962486917",
"297627863424390966237394163551712674176"
]
},
"signature_type": "Line"
}
]