AZL-55636

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55636.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-55636

Upstream

CVE-2023-52837

Published

2024-05-21T16:15:21Z

Modified

2026-04-01T05:18:40.674958Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2023-52837 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

nbd: fix uaf in nbd_open

Commit 4af5f2e03013 ("nbd: use blkmqallocdisk and blkcleanupdisk") cleans up disk by blkcleanupdisk() and it won't set disk->privatedata as NULL as before. UAF may be triggered in nbdopen() if someone tries to open nbd device right after nbdput() since nbd has been free in nbddevremove().

Fix this by implementing ->free_disk and free private data in it.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-52837

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55636.json"