CVE-2023-52503

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free vulnerability in the amdtee component of the Linux kernel. This vulnerability can be caused by a potential race condition in the amdtee close session function, which may lead to use-after-free in the amdtee open session function. For instance, if a session has a reference count of 1 and one thread tries to free this session via kref put(&sess->refcount, destroy session), the reference count will get decremented, and the next step would be to call destroy session(). However, if in another thread, amdtee open session() is called before destroy session() has completed execution, alloc session() may return a session that will be freed up later in destroy session(), leading to use-after-free in amdtee open session.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.