Description
In the Linux kernel, the following vulnerability has been resolved:
NFSD: fix use-after-free in nfsd4_ssc_setup_dul()
If signal_pending() returns true, schedule_timeout() will not be executed, causing the waiting task to remain in the wait queue. Fixed by adding a call to finish_wait(), which ensures that the waiting task will always be removed from the wait queue.
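The pattern described above, as an added user-space model in C (not the kernel's code and not taken from the referenced commits): a waiter links its entry into a wait queue, returns early when signaled, and leaves the entry queued unless the cleanup call runs. All type and function names are hypothetical, and the model assumes the entry's storage stops being valid once the waiter returns.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model of a wait queue; every name here is hypothetical. */
struct wq_entry { struct wq_entry *prev, *next; };

/* Stand-in for prepare_to_wait(): link the waiter's entry into the queue. */
static void model_prepare_to_wait(struct wq_entry *head, struct wq_entry *e) {
    e->prev = head;
    e->next = head->next;
    head->next->prev = e;
    head->next = e;
}

/* Stand-in for finish_wait(): unlink the entry from the queue. */
static void model_finish_wait(struct wq_entry *e) {
    e->prev->next = e->next;
    e->next->prev = e->prev;
    e->prev = e->next = e;
}

/* Waiter. Assumption: in the kernel `wait` stops being valid once the
 * waiter returns; here the caller owns it so it can be inspected safely. */
static int wait_step(struct wq_entry *head, struct wq_entry *wait,
                     bool signaled, bool fixed) {
    model_prepare_to_wait(head, wait);
    if (signaled) {            /* the sleep is skipped: early error return */
        if (fixed)
            model_finish_wait(wait);
        return -1;             /* unfixed: entry is still on the queue */
    }
    model_finish_wait(wait);   /* normal path: woken, then dequeued */
    return 0;
}

/* Number of entries still queued after the waiter has returned. */
static size_t stale_entries(bool signaled, bool fixed) {
    struct wq_entry head = { &head, &head }, wait;
    size_t n = 0;
    wait_step(&head, &wait, signaled, fixed);
    for (struct wq_entry *p = head.next; p != &head; p = p->next)
        n++;
    return n;
}

int main(void) {
    printf("%zu %zu\n", stale_entries(true, false), stale_entries(true, true));
    return 0;
}
```

A non-zero count on the unfixed, signaled path is the stale entry that a later walk of the queue would dereference.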
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-53025
- https://git.kernel.org/stable/c/0a27dcd5343026ac0cb168ee63304255372b7a36
- https://git.kernel.org/stable/c/32d5eb95f8f0e362e37c393310b13b9e95404560
- https://git.kernel.org/stable/c/6ac4c383c39f8f2f955f868d1ad9365c2363e80b
- https://git.kernel.org/stable/c/e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd
Related vulnerabilities
An expired pointer dereference flaw was found in the NFSv4 implementation in the Linux kernel, which may negatively affect system availability when the kernel thread is signaled during a mount/unmount operation. If signal_pending() returns true, schedule_timeout() will not be executed, causing the waiting task to remain in the wait queue, which may lead to a use after free later on. This can impact system stability, leading to memory corruption and possibly arbitrary code execution.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
A vulnerability in the NFSD component of the Linux kernel that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service