Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-53047

Опубликовано: 02 мая 2025
Источник: nvd
CVSS3: 4.7
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

tee: amdtee: fix race condition in amdtee_open_session

There is a potential race condition in amdtee_open_session that may lead to use-after-free. For instance, in amdtee_open_session() after sess->sess_mask is set, and before setting:

sess->session_info[i] = session_info;

if amdtee_close_session() closes this same session, then 'sess' data structure will be released, causing kernel panic when 'sess' is accessed within amdtee_open_session().

The solution is to set the bit sess->sess_mask as the last step in amdtee_open_session().

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.6 (включая) до 5.10.177 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.11 (включая) до 5.15.105 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.16 (включая) до 6.1.22 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.2 (включая) до 6.2.9 (исключая)
cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:*

EPSS

Процентиль: 4%
0.00018
Низкий

4.7 Medium

CVSS3

Дефекты

CWE-362

Связанные уязвимости

ubuntu логотип

CVE-2023-53047

CVSS3: 4.7
ubuntu
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix race condition in amdtee_open_session There is a potential race condition in amdtee_open_session that may lead to use-after-free. For instance, in amdtee_open_session() after sess->sess_mask is set, and before setting: sess->session_info[i] = session_info; if amdtee_close_session() closes this same session, then 'sess' data structure will be released, causing kernel panic when 'sess' is accessed within amdtee_open_session(). The solution is to set the bit sess->sess_mask as the last step in amdtee_open_session().

redhat логотип

CVE-2023-53047

CVSS3: 7
redhat
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix race condition in amdtee_open_session There is a potential race condition in amdtee_open_session that may lead to use-after-free. For instance, in amdtee_open_session() after sess->sess_mask is set, and before setting: sess->session_info[i] = session_info; if amdtee_close_session() closes this same session, then 'sess' data structure will be released, causing kernel panic when 'sess' is accessed within amdtee_open_session(). The solution is to set the bit sess->sess_mask as the last step in amdtee_open_session().

debian логотип

CVE-2023-53047

CVSS3: 4.7
debian
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: t ...

github логотип

GHSA-r348-7mvp-g684

CVSS3: 4.7
github
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix race condition in amdtee_open_session There is a potential race condition in amdtee_open_session that may lead to use-after-free. For instance, in amdtee_open_session() after sess->sess_mask is set, and before setting: sess->session_info[i] = session_info; if amdtee_close_session() closes this same session, then 'sess' data structure will be released, causing kernel panic when 'sess' is accessed within amdtee_open_session(). The solution is to set the bit sess->sess_mask as the last step in amdtee_open_session().

fstec логотип

BDU:2025-06785

CVSS3: 5.5
fstec
почти 3 года назад

Уязвимость функции amdtee_open_session() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 4%
0.00018
Низкий

4.7 Medium

CVSS3

Дефекты

CWE-362