CVE-2023-53608

Published: Oct 04, 2025 | Modified: Oct 04, 2025
CVSS 3.x: N/A (source: NVD)

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()

The finalization of nilfs_segctor_thread() can race with nilfs_segctor_kill_thread() which terminates that thread, potentially causing a use-after-free BUG as KASAN detected.

At the end of nilfs_segctor_thread(), it assigns NULL to sc_task member of struct nilfs_sc_info to indicate the thread has finished, and then notifies nilfs_segctor_kill_thread() of this using waitqueue sc_wait_task on the struct nilfs_sc_info.

However, here, immediately after the NULL assignment to sc_task, it is possible that nilfs_segctor_kill_thread() will detect it and return to continue the deallocation, freeing the nilfs_sc_info structure before the thread does the notification.

This fixes the issue by protecting the NULL assignment to sc_task and its notification with spinlock sc_state_lock of the struct nilfs_sc_info. Since nilfs_segctor_kill_thread() does a final check to see if sc_task is NULL with sc_state_lock locked, this can eliminate the race.
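The shutdown handshake described above, as an added example that is not part of this record or of the nilfs2 code: a user-space model with POSIX threads in which a pthread mutex and condition variable stand in for sc_state_lock and the sc_wait_task waitqueue. The struct name, the function names, the `work_done` field and the round count are constructed for this demo. The racy finalization is included only to show the ordering the advisory describes and is never run; the fixed finalization is the one exercised.

```c
/* Added example, not kernel code: models the nilfs_segctor_thread() /
 * nilfs_segctor_kill_thread() race and its fix with POSIX threads. */
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for struct nilfs_sc_info. */
struct nilfs_sc_info_demo {
    pthread_mutex_t sc_state_lock;  /* stands in for spinlock sc_state_lock */
    pthread_cond_t  sc_wait_task;   /* stands in for waitqueue sc_wait_task */
    void           *sc_task;        /* non-NULL while the segctor thread runs */
    int             work_done;      /* constructed: set once the thread did its work */
};

/* 'Before' state (never called here): the NULL store and the wake-up are not
 * covered by sc_state_lock, so the killer can observe sc_task == NULL, free
 * sci, and the cond_signal then touches freed memory (use-after-free). */
void *segctor_thread_racy(void *arg)
{
    struct nilfs_sc_info_demo *sci = arg;
    sci->work_done = 1;
    sci->sc_task = NULL;                      /* (1) killer may wake and free sci here */
    pthread_cond_signal(&sci->sc_wait_task);  /* (2) ... so this dereferences freed sci */
    return NULL;
}

/* Fixed finalization: NULL store and notification are done with the lock
 * held, so the killer's check under the same lock cannot interleave. */
static void *segctor_thread_fixed(void *arg)
{
    struct nilfs_sc_info_demo *sci = arg;
    sci->work_done = 1;
    pthread_mutex_lock(&sci->sc_state_lock);
    sci->sc_task = NULL;
    pthread_cond_signal(&sci->sc_wait_task);
    pthread_mutex_unlock(&sci->sc_state_lock);  /* last access to sci by this thread */
    return NULL;
}

/* Mirrors nilfs_segctor_kill_thread(): wait until sc_task is NULL, with the
 * final check made under sc_state_lock, then tear down and free sci.
 * Returns work_done as read under the lock (1 when the thread had finished). */
static int segctor_kill_thread(struct nilfs_sc_info_demo *sci)
{
    int finished;
    pthread_mutex_lock(&sci->sc_state_lock);
    while (sci->sc_task != NULL)
        pthread_cond_wait(&sci->sc_wait_task, &sci->sc_state_lock);
    finished = sci->work_done;
    pthread_mutex_unlock(&sci->sc_state_lock);
    /* The worker released the lock after its last touch of sci, so nothing
     * else references the structure once we get here. */
    pthread_mutex_destroy(&sci->sc_state_lock);
    pthread_cond_destroy(&sci->sc_wait_task);
    free(sci);
    return finished;
}

/* Start and kill the fixed thread 'rounds' times; returns how many rounds
 * observed a finished thread before freeing (expected: rounds), -1 on error. */
int run_shutdown_fixed(int rounds)
{
    int ok = 0;
    for (int i = 0; i < rounds; i++) {
        struct nilfs_sc_info_demo *sci = calloc(1, sizeof *sci);
        pthread_t tid;
        if (sci == NULL)
            return -1;
        pthread_mutex_init(&sci->sc_state_lock, NULL);
        pthread_cond_init(&sci->sc_wait_task, NULL);
        sci->sc_task = sci;  /* non-NULL: thread is about to run */
        if (pthread_create(&tid, NULL, segctor_thread_fixed, sci) != 0) {
            free(sci);
            return -1;
        }
        pthread_detach(tid);  /* like a kthread, the killer does not join it */
        ok += segctor_kill_thread(sci);
    }
    return ok;
}

int main(void)
{
    printf("clean shutdowns: %d of 200\n", run_shutdown_fixed(200));
    return 0;
}
```

The point of the model is that pthread_cond_wait only returns once the waiter reacquires the mutex, which cannot happen until the worker's unlock, the worker's final reference to the structure; that is the same ordering guarantee the spinlock provides in the kernel fix.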