QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2023-53307

Back to search

CVE-2023-53307

Published: Sep 16, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails If getting an ID or setting up a work queue in rbd_dev_create() fails, use-after-free on rbd_dev->rbd_client, rbd_dev->spec and rbd_dev->opts is triggered in do_rbd_add(). The root cause is that the ownership of these structures is transfered to rbd_dev prematurely and they all end up getting freed when rbd_dev_create() calls rbd_dev_free() prior to returning to do_rbd_add(). Found by Linux Verification Center (linuxtesting.org) with SVACE, an incomplete patch submitted by Natalia Petrova <[email protected]>.

VendorProductVersions

Linux

Linux

affected
1643dfa4c2c827d6e2aa419df8c17b0f24090278 - < 71da2a151ed1adb0aea4252b16d81b53012e7afd
affected
1643dfa4c2c827d6e2aa419df8c17b0f24090278 - < e3cbb4d60764295992c95344f2d779439e8b34ce
affected
1643dfa4c2c827d6e2aa419df8c17b0f24090278 - < 9787b328c42c13c4f31e7d5042c4e877e9344068
affected
1643dfa4c2c827d6e2aa419df8c17b0f24090278 - < ae16346078b1189aee934afd872d9f3d0a682c33
affected
1643dfa4c2c827d6e2aa419df8c17b0f24090278 - < a73783e4e0c4d1507794da211eeca75498544dff

+3 more versions

Linux

Linux

affected
4.9
unaffected
0 - < 4.9
unaffected
4.14.308 - <= 4.14.*
unaffected
4.19.276 - <= 4.19.*
unaffected
5.4.235 - <= 5.4.*

+5 more versions

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now