CVE-2023-53047

There is a potential race condition in amdteeopensession that may lead to use-after-free. For instance, in amdteeopensession() after sess->sess_mask is set, and before setting:

sess->session_info[i] = session_info;

if amdteeclosesession() closes this same session, then 'sess' data structure will be released, causing kernel panic when 'sess' is accessed within amdteeopensession().

The solution is to set the bit sess->sessmask as the last step in amdteeopen_session().

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53047.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

757cc3e9ff1d72d014096399d6e2bf03974d9da1

Fixed

f632a90f8e39db39b322107b9a8d438b826a7f4f

Fixed

02b296978a2137d7128151c542e84dc96400bc00

Fixed

a63cce9393e4e7dbc5af82dc87e68cb321cb1a78

Fixed

b3ef9e6fe09f1a132af28c623edcf4d4f39d9f35

Fixed

f8502fba45bd30e1a6a354d9d898bc99d1a11e6d

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53047.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.6.0

Fixed

5.10.177

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.105

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.22

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.2.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53047.json"