CVE-2023-53826

NONE EPSS 11.3%
Published Dec 9, 2025 6mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved:

ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()

Wear-leveling entry could be freed in error path, which may be accessed again in eraseblk_count_seq_show(), for example:

    __erase_worker                            eraseblk_count_seq_show
                                                wl = ubi->lookuptbl[*block_number]
                                                if (wl)
      wl_entry_destroy
        ubi->lookuptbl[e->pnum] = NULL
        kmem_cache_free(ubi_wl_entry_slab, e)
                                                  erase_count = wl->ec // UAF!

Wear-leveling entry updating/accessing in ubi->lookuptbl should be protected by ubi->wl_lock, fix it by adding ubi->wl_lock to serialize wl entry accessing between wl_entry_destroy() and eraseblk_count_seq_show().

Fetch a reproducer in [Link].

Threat Intelligence

EPSS Exploit Probability
11.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 8

  • git.kernel.org https://git.kernel.org/stable/c/1cb14c06d6035539ef4215c4ba0871aea71d7c38
  • git.kernel.org https://git.kernel.org/stable/c/3f9b63dfce44a7c3c095dd93d910408e07ab1845
  • git.kernel.org https://git.kernel.org/stable/c/79548ccdd992707879b4b683b7251c58ddf26f12
  • git.kernel.org https://git.kernel.org/stable/c/84250da1c63cb7d421a3b4812b5c2ce2e47d31a1
  • git.kernel.org https://git.kernel.org/stable/c/84253f3c2dad6be10d30c92626c763d9a9f512ad
  • git.kernel.org https://git.kernel.org/stable/c/9d448dd6bcb61a508204b57ea1f454ba9bac2f24
  • git.kernel.org https://git.kernel.org/stable/c/a100de2974d208cfca032179b02ed4d1a0a7f143
  • git.kernel.org https://git.kernel.org/stable/c/a240bc5c43130c6aa50831d7caaa02a1d84e1bce

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.