CVE-2023-53307 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails

If getting an ID or setting up a work queue in rbd_dev_create() fails,
use-after-free on rbd_dev->rbd_client, rbd_dev->spec and rbd_dev->opts
is triggered in do_rbd_add(). The root cause is that the ownership of
these structures is transfered to rbd_dev prematurely and they all end
up getting freed when rbd_dev_create() calls rbd_dev_free() prior to
returning to do_rbd_add().

Found by Linux Verification Center (linuxtesting.org) with SVACE, an
incomplete patch submitted by Natalia Petrova <n.petrova@fintech.ru>.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/71da2a151ed1adb0aea4252b16d81b53012e7afd
https://git.kernel.org/stable/c/9787b328c42c13c4f31e7d5042c4e877e9344068
https://git.kernel.org/stable/c/a73783e4e0c4d1507794da211eeca75498544dff
https://git.kernel.org/stable/c/ae16346078b1189aee934afd872d9f3d0a682c33
https://git.kernel.org/stable/c/cc8c0dd2984503ed09efa37bcafcef3d3da104e8
https://git.kernel.org/stable/c/e3cbb4d60764295992c95344f2d779439e8b34ce
https://git.kernel.org/stable/c/f7c4d9b133c7a04ca619355574e96b6abf209fba
https://git.kernel.org/stable/c/faa7b683e436664fff5648426950718277831348

History

Tue, 16 Sep 2025 16:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails If getting an ID or setting up a work queue in rbd_dev_create() fails, use-after-free on rbd_dev->rbd_client, rbd_dev->spec and rbd_dev->opts is triggered in do_rbd_add(). The root cause is that the ownership of these structures is transfered to rbd_dev prematurely and they all end up getting freed when rbd_dev_create() calls rbd_dev_free() prior to returning to do_rbd_add(). Found by Linux Verification Center (linuxtesting.org) with SVACE, an incomplete patch submitted by Natalia Petrova <n.petrova@fintech.ru>.
Title		rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
References		https://git.kernel.org/stable/c/71da2a151ed1adb0aea4252b16d81b53012e7afd https://git.kernel.org/stable/c/9787b328c42c13c4f31e7d5042c4e877e9344068 https://git.kernel.org/stable/c/a73783e4e0c4d1507794da211eeca75498544dff https://git.kernel.org/stable/c/ae16346078b1189aee934afd872d9f3d0a682c33 https://git.kernel.org/stable/c/cc8c0dd2984503ed09efa37bcafcef3d3da104e8 https://git.kernel.org/stable/c/e3cbb4d60764295992c95344f2d779439e8b34ce https://git.kernel.org/stable/c/f7c4d9b133c7a04ca619355574e96b6abf209fba https://git.kernel.org/stable/c/faa7b683e436664fff5648426950718277831348

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-16T16:11:46.288Z

Updated: 2025-09-16T16:11:46.288Z

Reserved: 2025-09-16T08:09:37.994Z

Link: CVE-2023-53307

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-09-16T17:15:36.477

Modified: 2025-09-16T17:15:36.477

Link: CVE-2023-53307

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object