CVE-2023-53608
BaseFortify

Publication date: 2025-10-04

Last updated on: 2026-03-23

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()

The finalization of nilfs_segctor_thread() can race with nilfs_segctor_kill_thread() which terminates that thread, potentially causing a use-after-free BUG as KASAN detected.

At the end of nilfs_segctor_thread(), it assigns NULL to "sc_task" member of "struct nilfs_sc_info" to indicate the thread has finished, and then notifies nilfs_segctor_kill_thread() of this using waitqueue "sc_wait_task" on the struct nilfs_sc_info.

However, here, immediately after the NULL assignment to "sc_task", it is possible that nilfs_segctor_kill_thread() will detect it and return to continue the deallocation, freeing the nilfs_sc_info structure before the thread does the notification.

This fixes the issue by protecting the NULL assignment to "sc_task" and its notification, with spinlock "sc_state_lock" of the struct nilfs_sc_info. Since nilfs_segctor_kill_thread() does a final check to see if "sc_task" is NULL with "sc_state_lock" locked, this can eliminate the race.
Meta Information
Generated: 2026-05-07
AI Q&A generated: 2025-10-04
EPSS evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs

Vendor   Product        Version / Range
linux    linux_kernel   6.3
linux    linux_kernel   From 5.15.160 (inc) to 5.16 (inc)
CWE
CWE ID: CWE-416 (Use After Free)
Description: The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
AI Powered Q&A
Can you explain this vulnerability to me?

This is a use-after-free (UAF) race in the Linux kernel's nilfs2 filesystem, in its segment constructor code. Two functions are involved: nilfs_segctor_thread(), the body of the segment constructor kernel thread, and nilfs_segctor_kill_thread(), which stops that thread and waits for it to exit. When the thread finishes, it sets the sc_task member of its struct nilfs_sc_info to NULL to signal that it is done, then wakes the waiter through the sc_wait_task waitqueue. Before the fix, those two operations were performed without holding sc_state_lock. nilfs_segctor_kill_thread() can therefore observe sc_task == NULL immediately after the assignment, return, and let its caller free the nilfs_sc_info while the exiting thread still has to call wake_up() on the waitqueue inside that freed structure; KASAN reports that access as a use-after-free. The fix performs the NULL assignment and the wake-up together while holding sc_state_lock; because nilfs_segctor_kill_thread() re-checks sc_task with the same lock held, it cannot proceed to the free until the thread has finished its notification and released the lock.
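The ordering argument above can be checked exhaustively instead of by reasoning about timing. The following is an added example, not code from the kernel or from this advisory: a small userspace C model in which each side is reduced to a few atomic steps (the thread's NULL assignment and wake-up, with or without the lock; the killer's wait_event, lock, re-check, unlock and the free that follows it), and a depth-first search enumerates every interleaving, reporting whether any of them dereferences the structure after it has been freed. The step sequences, the chosen initial state (the killer has already released the lock and is entering wait_event), and the names race_reachable, explore and run_step are this example's simplification, not nilfs2's code.

```c
#include <stdio.h>

/* One atomic step of either side of the race (model, not kernel code). */
enum step {
    STEP_LOCK,       /* spin_lock(&sci->sc_state_lock); blocks while someone holds it */
    STEP_UNLOCK,     /* spin_unlock(&sci->sc_state_lock) */
    STEP_SET_NULL,   /* sci->sc_task = NULL */
    STEP_TOUCH,      /* wake_up(&sci->sc_wait_task): dereferences sci */
    STEP_WAIT_EVENT, /* wait_event(sci->sc_wait_task, sci->sc_task == NULL) */
    STEP_RECHECK,    /* the killer's loop condition on sc_task, evaluated with the lock held */
    STEP_FREE,       /* the deallocation of sci that follows nilfs_segctor_kill_thread() */
    STEP_END
};

struct state {
    int lock_owner; /* 0 = free, 1 = segctor thread, 2 = killer */
    int task;       /* models sci->sc_task: 1 = non-NULL, 0 = NULL */
    int freed;      /* 1 once sci has been freed */
};

/* Tail of nilfs_segctor_thread() before the fix (assumption: modeled as the
 * NULL assignment and the wake-up with sc_state_lock not held). */
static const int thread_vuln[] = { STEP_SET_NULL, STEP_TOUCH, STEP_END };
/* Tail after the fix: both steps while holding sc_state_lock. */
static const int thread_fixed[] = { STEP_LOCK, STEP_SET_NULL, STEP_TOUCH, STEP_UNLOCK, STEP_END };
/* nilfs_segctor_kill_thread() from the point where it has released the lock
 * to wait, followed by the free performed once it returns. */
static const int killer[] = { STEP_WAIT_EVENT, STEP_LOCK, STEP_RECHECK, STEP_UNLOCK, STEP_FREE, STEP_END };

/* Execute one step for side `who`. Returns 1 if the step was enabled and the
 * state was updated, 0 if the side must block here. Sets *uaf when a freed
 * structure is dereferenced. */
static int run_step(struct state *s, int who, int step, int *uaf)
{
    switch (step) {
    case STEP_LOCK:       if (s->lock_owner) return 0; s->lock_owner = who; return 1;
    case STEP_UNLOCK:     s->lock_owner = 0; return 1;
    case STEP_SET_NULL:   s->task = 0; return 1;
    case STEP_TOUCH:      if (s->freed) *uaf = 1; return 1;
    case STEP_WAIT_EVENT: return s->task == 0;  /* condition is tested without the lock */
    case STEP_RECHECK:    return s->task == 0;  /* lock held here; otherwise the killer loops */
    case STEP_FREE:       s->freed = 1; return 1;
    default:              return 0;
    }
}

/* Depth-first search over all interleavings of the two step sequences.
 * Returns 1 if some interleaving reaches a use-after-free, else 0. */
static int explore(struct state s, const int *t, int ti, const int *k, int ki)
{
    int uaf;
    struct state next;

    if (t[ti] == STEP_END && k[ki] == STEP_END)
        return 0;
    if (t[ti] != STEP_END) {
        next = s; uaf = 0;
        if (run_step(&next, 1, t[ti], &uaf) && (uaf || explore(next, t, ti + 1, k, ki)))
            return 1;
    }
    if (k[ki] != STEP_END) {
        next = s; uaf = 0;
        if (run_step(&next, 2, k[ki], &uaf) && (uaf || explore(next, t, ti, k, ki + 1)))
            return 1;
    }
    return 0;
}

/* Initial state: the killer has dropped sc_state_lock and is about to call
 * wait_event; the thread is about to run its finalization steps. */
int race_reachable(const int *thread_steps)
{
    struct state s = { 0, 1, 0 };
    return explore(s, thread_steps, 0, killer, 0);
}

int main(void)
{
    printf("before fix: use-after-free reachable = %d\n", race_reachable(thread_vuln));
    printf("after fix:  use-after-free reachable = %d\n", race_reachable(thread_fixed));
    return 0;
}
```

The search finds the bad interleaving for the pre-fix ordering (assign NULL, killer passes wait_event, locks, re-checks, unlocks, frees, thread wakes the waitqueue in freed memory) and none for the fixed ordering: once sc_task is NULL the thread already holds the lock, so the killer's spin_lock step is blocked until the wake-up has completed.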


How can this vulnerability impact me?

The race sits in the termination path of the nilfs2 segment constructor thread, so it can only be hit while that thread is being stopped, for example when a nilfs2 volume is unmounted; it is not reachable through ordinary file I/O on a mounted volume. The realistic outcome is a kernel crash: a KASAN report on debug builds, memory corruption or an oops otherwise. A kernel use-after-free can in principle be turned into privilege escalation, but this advisory reports no such exploit, and the narrow window on a control path makes that difficult. Systems that never load the nilfs2 module are not exposed.


What immediate steps should I take to mitigate this vulnerability?

Update to a kernel that carries the nilfs2 fix for this race; confirm it by looking for the commit titled "nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()" in your distribution's or stable branch's changelog rather than relying on the CPE version ranges alone. Until the update is applied, reduce exposure: do not mount nilfs2 volumes on the affected kernel, and if nilfs2 is built as a module, prevent it from being auto-loaded with a modprobe rule so that a stray mount or filesystem probe cannot pull it in. Unmounting a nilfs2 volume is the operation that stops the segment constructor thread, so avoid unnecessary unmount or remount cycles on affected systems until they are patched.

