CVE-2023-53800

NONE EPSS 6.0%
Published Dec 9, 20256mo ago · Modified Jun 17, 20262w ago
Find Similar
Published Dec 9, 2025 6mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed There is an use-after-free problem reported by KASAN: ================================================================== BUG: KASAN: use-after-free in ubi_eba_copy_table+0x11f/0x1c0 [ubi] Read of size 8 at addr ffff888101eec008 by task ubirsvol/4735 CPU: 2 PID: 4735 Comm: ubirsvol Not tainted 6.1.0-rc1-00003-g84fa3304a7fc-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_report+0x171/0x472 kasan_report+0xad/0x130 ubi_eba_copy_table+0x11f/0x1c0 [ubi] ubi_resize_volume+0x4f9/0xbc0 [ubi] ubi_cdev_ioctl+0x701/0x1850 [ubi] __x64_sys_ioctl+0x11d/0x170 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 </TASK> When ubi_change_vtbl_record() returns an error in ubi_resize_volume(), "new_eba_tbl" will be freed on error handing path, but it is holded by "vol->eba_tbl" in ubi_eba_replace_table(). It means that the liftcycle of "vol->eba_tbl" and "vol" are different, so when resizing volume in next time, it causing an use-after-free fault. Fix it by not freeing "new_eba_tbl" after it replaced in ubi_eba_replace_table(), while will be freed in next volume resizing.

Threat Intelligence

EPSS Exploit Probability
6.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 8

  • git.kernel.org https://git.kernel.org/stable/c/35f8d4064e54c18424db2997059d4c0b1d13d093
  • git.kernel.org https://git.kernel.org/stable/c/3d6378f7056ac7350338f941001162a8f660853c
  • git.kernel.org https://git.kernel.org/stable/c/53818746e549e61841428892a8d94344494be797
  • git.kernel.org https://git.kernel.org/stable/c/9af31d6ec1a4be4caab2550096c6bd2ba8fba472
  • git.kernel.org https://git.kernel.org/stable/c/9c8be1f165baee53b5a36ea0b3c9281d403a1d0b
  • git.kernel.org https://git.kernel.org/stable/c/b0c951742348d216f094d16ed4f70ae73db881c0
  • git.kernel.org https://git.kernel.org/stable/c/bf795ebbb9995e2fe7945de71177f01c2f1215dc
  • git.kernel.org https://git.kernel.org/stable/c/bf9875aa7f7d624a8c084425b14bf7e5907ebc30

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.