CVE-2023-52974

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-52974
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52974.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52974
Downstream
Related
Published
2025-03-27T16:43:13.792Z
Modified
2026-03-12T03:27:51.040355Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

If during iscsiswtcpsessioncreate() iscsitcpr2tpoolalloc() fails, userspace could be accessing the host's ipaddress attr. If we then free the session via iscsisession_teardown() while userspace is still accessing the session we will hit a use after free bug.

Set the tcpswhost->session after we have completed session creation and can no longer fail.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52974.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a79af8a64d395bd89de8695a5ea5e1a7f01f02a8
Fixed
496af9d3682ed4c28fb734342a09e6cc0c056ea4
Fixed
6abd4698f4c8a78e7bbfc421205c060c199554a0
Fixed
d4d765f4761f9e3a2d62992f825aeee593bcb6b9
Fixed
9758ffe1c07b86aefd7ca8e40d9a461293427ca0
Fixed
0aaabdb900c7415caa2006ef580322f7eac5f6b6
Fixed
61e43ebfd243bcbad11be26bd921723027b77441
Fixed
f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52974.json"