CVE-2023-53608

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free condition within the nilfs2 filesystem, specifically in the nilfs segctor thread() function. The finalization process of nilfs segctor thread() can race with nilfs segctor kill thread(), potentially leading to a use-after-free issue as detected by KASAN. This occurs because the sc task member of the struct nilfs sc info structure is set to NULL to indicate thread completion, and a notification is sent to nilfs segctor kill thread() via the sc wait task waitqueue. However, before the notification, nilfs segctor kill thread() might deallocate the nilfs sc info structure, resulting in a use-after-free scenario. The issue is addressed by protecting the NULL assignment to sc task and its associated notification with the sc state lock spinlock of the struct nilfs sc info.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.