CVE-2023-52772

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.0

Description The vulnerability is related to a use-after-free issue in the unix stream read actor() function. This can be exploited by an attacker to potentially gain unauthorized access to sensitive information, disrupt system operations, or execute arbitrary code. The issue arises when the u->oob skb pointer is accessed after the unix socket lock has been released, allowing another thread to modify or free the associated memory, leading to a slab-use-after-free error.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the af unix: fix use-after-free in unix stream read actor() vulnerability. Ensure that all systems using the affected kernel versions are updated as soon as possible to prevent potential exploitation. As a temporary workaround, consider restricting access to the vulnerable unix stream read actor() function until a patch is available. However, this should be done with caution and under the guidance of a qualified system administrator, as it may have unintended consequences on system functionality.