CVE-2023-53608

HIGH EPSS 3.4%
Published Oct 4, 20258mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Oct 4, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() The finalization of nilfs_segctor_thread() can race with nilfs_segctor_kill_thread() which terminates that thread, potentially causing a use-after-free BUG as KASAN detected. At the end of nilfs_segctor_thread(), it assigns NULL to "sc_task" member of "struct nilfs_sc_info" to indicate the thread has finished, and then notifies nilfs_segctor_kill_thread() of this using waitqueue "sc_wait_task" on the struct nilfs_sc_info. However, here, immediately after the NULL assignment to "sc_task", it is possible that nilfs_segctor_kill_thread() will detect it and return to continue the deallocation, freeing the nilfs_sc_info structure before the thread does the notification. This fixes the issue by protecting the NULL assignment to "sc_task" and its notification, with spinlock "sc_state_lock" of the struct nilfs_sc_info. Since nilfs_segctor_kill_thread() does a final check to see if "sc_task" is NULL with "sc_state_lock" locked, this can eliminate the race.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
3.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥2.6.30  –  <4.14.313
linuxlinux_kernel*≥4.15  –  <4.19.281
linuxlinux_kernel*≥4.20  –  <5.4.241
linuxlinux_kernel*≥5.5  –  <5.10.178
linuxlinux_kernel*≥5.11  –  <5.15.107
linuxlinux_kernel*≥5.16  –  <6.1.24
linuxlinux_kernel*≥6.2  –  <6.2.11
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/034cce77d52ba013ce62b4f5258c29907eb1ada5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0dbf0e64b91ee8fcb278aea93eb06fc7d56ecbcc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/613bf23c070d11c525268f2945aa594704a9b764
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6be49d100c22ffea3287a4b19d7639d259888e33
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/92684e02654c91a61a0b0561433b710bcece19fe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b4d80bd6370b81a1725b6b8f7894802c23a14e9f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bae009a2f1b7c2011d2e92d8c84868d315c0b97e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f32297dba338dc06d62286dedb3cdbd5175b1719
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/034cce77d52ba013ce62b4f5258c29907eb1ada5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0dbf0e64b91ee8fcb278aea93eb06fc7d56ecbcc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/613bf23c070d11c525268f2945aa594704a9b764
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6be49d100c22ffea3287a4b19d7639d259888e33
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/92684e02654c91a61a0b0561433b710bcece19fe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b4d80bd6370b81a1725b6b8f7894802c23a14e9f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bae009a2f1b7c2011d2e92d8c84868d315c0b97e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f32297dba338dc06d62286dedb3cdbd5175b1719
    Patch