CVE-2023-53608
- Source
- https://cve.org/CVERecord?id=CVE-2023-53608
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53608.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53608
- Downstream
- Related
- Published
- 2025-10-04T15:44:17.302Z
- Modified
- 2026-03-20T12:33:15.622453Z
- Summary
- nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential UAF of struct nilfsscinfo in nilfssegctorthread()
The finalization of nilfssegctorthread() can race with nilfssegctorkill_thread() which terminates that thread, potentially causing a use-after-free BUG as KASAN detected.
At the end of nilfssegctorthread(), it assigns NULL to "sctask" member of "struct nilfsscinfo" to indicate the thread has finished, and then notifies nilfssegctorkillthread() of this using waitqueue "scwaittask" on the struct nilfsscinfo.
However, here, immediately after the NULL assignment to "sctask", it is possible that nilfssegctorkillthread() will detect it and return to continue the deallocation, freeing the nilfsscinfo structure before the thread does the notification.
This fixes the issue by protecting the NULL assignment to "sctask" and its notification, with spinlock "scstatelock" of the struct nilfsscinfo. Since nilfssegctorkillthread() does a final check to see if "sctask" is NULL with "scstate_lock" locked, this can eliminate the race.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53608.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/034cce77d52ba013ce62b4f5258c29907eb1ada5
- https://git.kernel.org/stable/c/0dbf0e64b91ee8fcb278aea93eb06fc7d56ecbcc
- https://git.kernel.org/stable/c/613bf23c070d11c525268f2945aa594704a9b764
- https://git.kernel.org/stable/c/6be49d100c22ffea3287a4b19d7639d259888e33
- https://git.kernel.org/stable/c/92684e02654c91a61a0b0561433b710bcece19fe
- https://git.kernel.org/stable/c/b4d80bd6370b81a1725b6b8f7894802c23a14e9f
- https://git.kernel.org/stable/c/bae009a2f1b7c2011d2e92d8c84868d315c0b97e
- https://git.kernel.org/stable/c/f32297dba338dc06d62286dedb3cdbd5175b1719
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53608.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53608
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453Fixed034cce77d52ba013ce62b4f5258c29907eb1ada5Fixed0dbf0e64b91ee8fcb278aea93eb06fc7d56ecbccFixed613bf23c070d11c525268f2945aa594704a9b764Fixedf32297dba338dc06d62286dedb3cdbd5175b1719Fixed92684e02654c91a61a0b0561433b710bcece19feFixedbae009a2f1b7c2011d2e92d8c84868d315c0b97eFixedb4d80bd6370b81a1725b6b8f7894802c23a14e9fFixed6be49d100c22ffea3287a4b19d7639d259888e33