CVE-2023-53867

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the Ceph subsystem related to capability trimming. Specifically, a use-after-free condition can occur when trimming capabilities after releasing the session capability lock. This happens when a capability is removed by another thread after the lock is released but before it is used in a callback, leading to a potential crash. The issue arises from a lack of verification of the capability's existence immediately after acquiring the ceph lock.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.