DEBIAN-CVE-2023-54269
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-54269
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54269.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-54269
- Upstream
- Published
- 2025-12-30T13:16:15.737Z
- Modified
- 2025-12-31T11:20:43.176100Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: double free xprtctxt while still in use When an RPC request is deferred, the rqxprtctxt pointer is moved out of the svcrqst into the svcdeferredreq. When the deferred request is revisited, the pointer is copied into the new svcrqst - and also remains in the svcdeferredreq. In the (rare?) case that the request is deferred a second time, the old svcdeferredreq is reused - it still has all the correct content. However in that case the rqxprtctxt pointer is NOT cleared so that when xporeleasexprt is called, the ctxt is freed (UDP) or possible added to a free list (RDMA). When the deferred request is revisited for a second time, it will reference this ctxt which may be invalid, and the free the object a second time which is likely to oops. So change svcdefer() to always clear rqxprtctxt, and assert that the value is now stored in the svcdeferredreq.
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source