CVE-2023-52974
Published: 27 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2023-52974 is a use-after-free (UAF) vulnerability, classified under CWE-416, in the Linux kernel's SCSI iSCSI TCP (iscsi_tcp) component. The issue arises during the iSCSI login process in iscsi_sw_tcp_session_create(). If iscsi_tcp_r2tpool_alloc() fails, the session has already been made reachable through the SCSI host (shost), so userspace can still read the host's IP address attribute; the failure path then calls iscsi_session_teardown(), which frees the session while that access is ongoing, triggering the UAF.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N), within unchanged scope (S:U). Exploitation yields high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS v3.1 base score of 7.8. The UAF occurs specifically when session creation fails during R2T pool allocation while userspace concurrently accesses the host IP address.
Mitigation involves applying patches from the Linux kernel stable repository, which resolve the issue by deferring the assignment of tcp_sw_host->session until after session creation completes successfully, ensuring no failure path leads to early teardown during userspace access. Relevant commits include 0aaabdb900c7415caa2006ef580322f7eac5f6b6, 496af9d3682ed4c28fb734342a09e6cc0c056ea4, 61e43ebfd243bcbad11be26bd921723027b77441, 6abd4698f4c8a78e7bbfc421205c060c199554a0, and 9758ffe1c07b86aefd7ca8e40d9a461293427ca0.
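The ordering defect and the fix described above, as an added single-threaded model in C; this is illustration code, not the kernel's, and sw_host, session_create_vulnerable, session_create_fixed and show_host_ip are hypothetical stand-ins for tcp_sw_host, iscsi_sw_tcp_session_create() and the shost IP attribute handler.

```c
/* Added illustration, not kernel code: models the failure-path ordering bug
 * behind CVE-2023-52974 and the fix the stable patches apply (publish
 * tcp_sw_host->session only after session creation has fully succeeded). */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

struct session { char ip[16]; bool torn_down; }; /* torn_down: liveness marker, no real free() */
struct sw_host { struct session *session; };      /* stands in for tcp_sw_host */

static struct session model_session; /* static storage so the model never reads freed memory */

/* Stands in for the sysfs host IP attribute handler that userspace reads.
 * 1: read a live session's IP; 0: no session published yet;
 * -1: dereferenced a torn-down session, i.e. the UAF the advisory describes. */
static int show_host_ip(const struct sw_host *h, char *out, size_t n) {
    if (!h->session) { out[0] = '\0'; return 0; }
    if (h->session->torn_down) return -1;
    snprintf(out, n, "%s", h->session->ip);
    return 1;
}

static struct session *session_alloc(void) {
    memset(&model_session, 0, sizeof model_session);
    strcpy(model_session.ip, "192.0.2.10");   /* constructed sample address */
    return &model_session;
}
static void session_teardown(struct session *s) { s->torn_down = true; }

/* Vulnerable ordering: the session is reachable through the host before the
 * r2tpool allocation that can fail, so the failure path tears down a session a
 * concurrent reader may hold. The reader is modelled by calling show_host_ip()
 * right after teardown. */
static int session_create_vulnerable(struct sw_host *h, bool r2tpool_ok, char *ip, size_t n) {
    struct session *s = session_alloc();
    h->session = s;                        /* published too early */
    if (!r2tpool_ok) session_teardown(s);  /* s still reachable via h->session */
    return show_host_ip(h, ip, n);
}

/* Fixed ordering: nothing is published until every allocation has succeeded,
 * so a reader on the failure path finds no session rather than a freed one. */
static int session_create_fixed(struct sw_host *h, bool r2tpool_ok, char *ip, size_t n) {
    struct session *s = session_alloc();
    if (!r2tpool_ok) { session_teardown(s); return show_host_ip(h, ip, n); }
    h->session = s;                        /* deferred assignment */
    return show_host_ip(h, ip, n);
}
```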
Details
- CWE(s): CWE-416 (Use After Free)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A use-after-free in the Linux kernel that a low-privileged local user can trigger during iSCSI session creation directly enables local privilege escalation: the resulting memory corruption can lead to arbitrary kernel code execution.