CVE-2023-54195

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-rc7-build3+ #701

Description A flaw exists in the Linux kernel's rxrpc subsystem related to call timeouts. Specifically, the issue occurs when a call is stalled while waiting for a connection, potentially leading to a kernel NULL pointer dereference. The afs make call() function calls rxrpc kernel begin call() and rxrpc kernel set max life(), but the call timer may expire before a connection is assigned. This can result in an oops if the call remains stalled. The fix involves noting timeouts in the struct rxrpc call when the call is created, starting the timer only when the first packet is transmitted. This issue is not directly triggerable from userspace through AF RXRPC, as sendmsg() will return EBUSY if the call is in a waiting state.

Recommendations Update to Linux kernel version 6.3.0-rc7-build3+ #701 or a later version to address this issue.