CVE-2023-52760

Published: May 21, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc In gfs2_put_super(), whether withdrawn or not, the quota should be cleaned up by gfs2_quota_cleanup(). Otherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu callback) has run for all gfs2_quota_data objects, resulting in use-after-free. Also, gfs2_destroy_threads() and gfs2_quota_cleanup() is already called by gfs2_make_fs_ro(), so in gfs2_put_super(), after calling gfs2_make_fs_ro(), there is no need to call them again.

Vendor	Product	Versions
Linux	Linux	affected `f66af88e33212b57ea86da2c5d66c0d9d5c46344 - < 08a28272faa750d4357ea2cb48d2baefd778ea81` affected `f66af88e33212b57ea86da2c5d66c0d9d5c46344 - < bdcb8aa434c6d36b5c215d02a9ef07551be25a37`
Linux	Linux	affected `6.6` unaffected `0 - < 6.6` unaffected `6.6.3 - <= 6.6.` unaffected `6.7 - <= `

References

https://git.kernel.org/stable/c/08a28272faa750d4357ea2cb48d2baefd778ea81

https://git.kernel.org/stable/c/bdcb8aa434c6d36b5c215d02a9ef07551be25a37

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-52760

Description

Affected Products

References