CVE-2023-53082

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0-252.el9.x86 64

Description A vulnerability in the Linux kernel has been resolved, which was causing a kernel panic when unplugging the vp vdpa device. The root cause of the issue is a use-after-free error in the vdpa mgmtdev unregister() function. This error occurs when the function accesses modern devices, leading to a crash. The issue is triggered by the vp vdpa remove function, which needs to change its sequence to prevent the crash.

Recommendations For Linux kernel versions prior to 5.14.0-252.el9.x86 64, update to a newer version that includes the fix for this issue. As a temporary workaround, consider disabling the vp vdpa remove function until a patch is available. Restrict access to the vp vdpa device to minimize the risk of exploitation. Avoid using the vdpa mgmtdev unregister function in the affected kernel versions until the issue is resolved.