PT-2025-54022 · Linux · Linux Kernel

Published 2023-04-28 · Updated 2026-01-01 · CVE-2023-54193

CVSS v2.0: 5.5 (Medium)

Vector: AV:L/AC:L/Au:M/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a flaw in the net/sched subsystem related to the handling of traffic control blocks. Specifically, the error handler in tcf_block_bind() frees the cb list without first removing flow_block_cb instances from the driver list. This results in dangling pointers to freed objects within the driver list, leading to a use-after-free condition. The issue occurs during the deallocation of memory associated with block callbacks. A kernel crash was observed, as indicated by a KASAN (Kernel Address Sanitizer) report. The flow_block_cb_setup_simple function and tcf_block_offload_cmd are involved in the vulnerability.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
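
A user-space model of the flaw in the Description, as an added example that is neither kernel code nor the upstream fix. The names struct block_cb, bind_error_path() and run_model() are hypothetical stand-ins, and the free is modeled by a flag so that dangling driver-list entries can be counted without undefined behaviour.

```c
/* User-space model of the list handling; added example, not kernel code. */
#include <stddef.h>
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };
struct block_cb {                 /* stands in for struct flow_block_cb */
    struct list_head list;        /* link in the block's cb list */
    struct list_head driver_list; /* link in the driver's list */
    int freed;                    /* models the free without real UB */
};
#define cb_of(p, m) ((struct block_cb *)((char *)(p) - offsetof(struct block_cb, m)))

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}
static void list_del(struct list_head *n) {
    n->prev->next = n->next; n->next->prev = n->prev;
}
/* Error path: unlink_driver = 0 is the flawed handler, 1 the corrected one. */
static void bind_error_path(struct list_head *cb_list, int unlink_driver) {
    while (cb_list->next != cb_list) {
        struct block_cb *cb = cb_of(cb_list->next, list);
        list_del(&cb->list);
        if (unlink_driver)
            list_del(&cb->driver_list); /* also leave the driver's list */
        cb->freed = 1;                  /* object is gone from here on */
    }
}
/* Count driver-list entries that still point at freed objects. */
static int dangling_in_driver_list(struct list_head *drv) {
    int n = 0;
    for (struct list_head *p = drv->next; p != drv; p = p->next)
        n += cb_of(p, driver_list)->freed;
    return n;
}
/* Two cbs on both lists (constructed input), then the error path runs. */
static int run_model(int unlink_driver) {
    struct list_head cb_list, drv;
    struct block_cb cbs[2] = {0};
    list_init(&cb_list); list_init(&drv);
    for (int i = 0; i < 2; i++) {
        list_add_tail(&cbs[i].list, &cb_list);
        list_add_tail(&cbs[i].driver_list, &drv);
    }
    bind_error_path(&cb_list, unlink_driver);
    return dangling_in_driver_list(&drv);
}
int main(void) {
    printf("flawed: %d dangling, fixed: %d dangling\n", run_model(0), run_model(1));
    return 0;
}
```

In the kernel the objects are really freed, so any later walk of the driver list touches freed memory, which is the condition the KASAN report flags.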

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-01206
CVE-2023-54193

Affected Products

Linux Kernel