CVE-2023-53307

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue in the do rbd add() function when rbd dev create() fails. This occurs when ownership of structures like rbd dev->rbd client, rbd dev->spec, and rbd dev->opts is transferred prematurely, leading to their potential freeing during rbd dev create() before returning to do rbd add(). The issue was found by Linux Verification Center (linuxtesting.org) with SVACE, and an incomplete patch was submitted by Natalia Petrova.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-826

Related Identifiers

BDU:2026-03323

CVE-2023-53307

OESA-2025-2406

SUSE-SU-2025:03614-1

SUSE-SU-2025:03628-1

SUSE-SU-2025:3716-1

Affected Products

Astra Linux

Linux Kernel

Suse

CVE-2023-53307

Weakness Enumeration

Related Identifiers

Affected Products

References · 896