CVE-2023-53826

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the UBI (Unsorted Block Images) subsystem of the Linux kernel. Specifically, a wear-leveling entry can be freed in an error path and subsequently accessed in the eraseblk count seq show() function. This occurs because wear-leveling entry updating and accessing in ubi->lookuptbl are not properly serialized with ubi->wl lock. The issue is present in the interaction between wl entry destroy() and eraseblk count seq show(), where a wear-leveling entry (wl) is destroyed, and then potentially accessed via wl->ec after being freed. The function eraseblk count seq show() is involved in the vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.