CVE-2023-53047
Published: May 5, 2025Last modified: May 5, 2025
Description
In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix race condition in amdtee_open_session There is a potential race condition in amdtee_open_session that may lead to use-after-free. For instance, in amdtee_open_session() after sess->sess_mask is set, and before setting: sess->session_info[i] = session_info; if amdtee_close_session() closes this same session, then 'sess' data structure will be released, causing kernel panic when 'sess' is accessed within amdtee_open_session(). The solution is to set the bit sess->sess_mask as the last step in amdtee_open_session().
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.7 |
| Attack Vector | LOCAL |
| Attack complexity | HIGH |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Not affected (6.1.33-r0) |
| 25 LTS | linux-lts | Not affected (6.6.89-r0) | |
| Stream | linux-lts | Fixed (6.6.58-r0) |
References
- https://git.kernel.org/stable/c/02b296978a2137d7128151c542e84dc96400bc00
- https://git.kernel.org/stable/c/a63cce9393e4e7dbc5af82dc87e68cb321cb1a78
- https://git.kernel.org/stable/c/b3ef9e6fe09f1a132af28c623edcf4d4f39d9f35
- https://git.kernel.org/stable/c/f632a90f8e39db39b322107b9a8d438b826a7f4f
- https://git.kernel.org/stable/c/f8502fba45bd30e1a6a354d9d898bc99d1a11e6d