CVE-2023-53867

high

Description

In the Linux kernel, the following vulnerability has been resolved: ceph: fix potential use-after-free bug when trimming caps When trimming the caps and just after the 'session->s_cap_lock' is released in ceph_iterate_session_caps() the cap maybe removed by another thread, and when using the stale cap memory in the callbacks it will trigger use-after-free crash. We need to check the existence of the cap just after the 'ci->i_ceph_lock' being acquired. And do nothing if it's already removed.

References

https://git.kernel.org/stable/c/ae6e935618d99cdba11eab4714092e7e5f13cf7e

https://git.kernel.org/stable/c/aaf67de78807c59c35bafb5003d4fb457c764800

https://git.kernel.org/stable/c/448875a73e16ba7d81dec9274ce9d33a12d092fb

https://git.kernel.org/stable/c/2b2515b8095cf2149bef44383a99d5b5677f1831

Details

Source: Mitre, NVD

Published: 2025-12-24

Updated: 2025-12-24

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.00018