CVE-2023-52974
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-52974
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52974.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-52974
- Downstream
- Related
- Published
- 2025-03-27T17:15:44Z
- Modified
- 2025-08-09T19:01:28Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
If during iscsiswtcpsessioncreate() iscsitcpr2tpoolalloc() fails, userspace could be accessing the host's ipaddress attr. If we then free the session via iscsisession_teardown() while userspace is still accessing the session we will hit a use after free bug.
Set the tcpswhost->session after we have completed session creation and can no longer fail.
- References
-
- https://git.kernel.org/stable/c/0aaabdb900c7415caa2006ef580322f7eac5f6b6
- https://git.kernel.org/stable/c/496af9d3682ed4c28fb734342a09e6cc0c056ea4
- https://git.kernel.org/stable/c/61e43ebfd243bcbad11be26bd921723027b77441
- https://git.kernel.org/stable/c/6abd4698f4c8a78e7bbfc421205c060c199554a0
- https://git.kernel.org/stable/c/9758ffe1c07b86aefd7ca8e40d9a461293427ca0
- https://git.kernel.org/stable/c/d4d765f4761f9e3a2d62992f825aeee593bcb6b9
- https://git.kernel.org/stable/c/f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3