CVE-2023-53021

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version

Description A use-after-free issue has been identified in the Linux kernel, specifically in the sch taprio component. This issue occurs when a taprio qdisc is installed with an invalid TCA RATE attribute, leading to a crash in net tx action(). The problem arises because the hrtimer used by taprio has already fired, causing advance sched() to call netif schedule(), which then attempts to use a destroyed qdisc. The estimated number of potentially affected devices is not provided.

Recommendations For Linux kernel versions prior to the fixed version, consider disabling the sch taprio component until a patch is available. As a temporary workaround, restrict access to the vulnerable qdisc to minimize the risk of exploitation. Avoid using the TCA RATE attribute in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.