Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-52503

UNKNOWN
Published 2024-03-02T21:52:17.854Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-52503. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

tee: amdtee: fix use-after-free vulnerability in amdtee_close_session

There is a potential race condition in amdtee_close_session that may
cause use-after-free in amdtee_open_session. For instance, if a session
has refcount == 1, and one thread tries to free this session via:

kref_put(&sess->refcount, destroy_session);

the reference count will get decremented, and the next step would be to
call destroy_session(). However, if in another thread,
amdtee_open_session() is called before destroy_session() has completed
execution, alloc_session() may return 'sess' that will be freed up
later in destroy_session() leading to use-after-free in
amdtee_open_session.

To fix this issue, treat decrement of sess->refcount and removal of
'sess' from session list in destroy_session() as a critical section, so
that it is executed atomically.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Linux

Affected Versions:

757cc3e9ff1d72d014096399d6e2bf03974d9da1 757cc3e9ff1d72d014096399d6e2bf03974d9da1 757cc3e9ff1d72d014096399d6e2bf03974d9da1 757cc3e9ff1d72d014096399d6e2bf03974d9da1 757cc3e9ff1d72d014096399d6e2bf03974d9da1
Linux

Linux

Affected Versions:

5.6 0 5.10.199 5.15.136 6.1.59 6.5.8 6.6

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-c5gm-r7c3-j9cp

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix use-after-free vulnerability in amdtee_close_session There is a potential race condition in amdtee_close_session that may cause use-after-free in amdtee_open_session. For instance, if a session has refcount == 1, and one thread tries to free this session via: kref_put(&sess->refcount, destroy_session); the reference count will get decremented, and the next step would be to call destroy_session(). However, if in another thread, amdtee_open_session() is called before destroy_session() has completed execution, alloc_session() may return 'sess' that will be freed up later in destroy_session() leading to use-after-free in amdtee_open_session. To fix this issue, treat decrement of sess->refcount and removal of 'sess' from session list in destroy_session() as a critical section, so that it is executed atomically.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-52503
WEB https://git.kernel.org/stable/c/1680c82929bc14d706065f123dab77f2f1293116
WEB https://git.kernel.org/stable/c/1c95574350cd63bc3c5c2fa06658010768f2a0ce
WEB https://git.kernel.org/stable/c/60c3e7a00db954947c265b55099c21b216f2a05c
WEB https://git.kernel.org/stable/c/da7ce52a2f6c468946195b116615297d3d113a27
WEB https://git.kernel.org/stable/c/f4384b3e54ea813868bb81a861bf5b2406e15d8f

Advisory provided by GitHub Security Advisory Database. Published: March 3, 2024, Modified: December 10, 2024

References

https://git.kernel.org/stable/c/da7ce52a2f6c468946195b116615297d3d113a27
https://git.kernel.org/stable/c/1680c82929bc14d706065f123dab77f2f1293116
https://git.kernel.org/stable/c/60c3e7a00db954947c265b55099c21b216f2a05c
https://git.kernel.org/stable/c/1c95574350cd63bc3c5c2fa06658010768f2a0ce
https://git.kernel.org/stable/c/f4384b3e54ea813868bb81a861bf5b2406e15d8f
Published: 2024-03-02T21:52:17.854Z
Last Modified: 2025-05-04T07:38:08.762Z
Copied to clipboard!