CVE-2023-52503

2024-03-0200:00:00

ubuntu.com

linux kernel

amdtee

use-after-free

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved: tee:
amdtee: fix use-after-free vulnerability in amdtee_close_session There is a
potential race condition in amdtee_close_session that may cause
use-after-free in amdtee_open_session. For instance, if a session has
refcount == 1, and one thread tries to free this session via:
kref_put(&sess->refcount, destroy_session); the reference count will get
decremented, and the next step would be to call destroy_session(). However,
if in another thread, amdtee_open_session() is called before
destroy_session() has completed execution, alloc_session() may return
‘sess’ that will be freed up later in destroy_session() leading to
use-after-free in amdtee_open_session. To fix this issue, treat decrement
of sess->refcount and removal of ‘sess’ from session list in
destroy_session() as a critical section, so that it is executed atomically.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu14.04noarchlinux< anyUNKNOWN
ubuntu16.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	14.04	noarch	linux	< any	UNKNOWN
ubuntu	16.04	noarch	linux	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN