CVE-2023-52975
Published: 27 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2023-52975 is a use-after-free (UAF) vulnerability in the Linux kernel's iSCSI TCP implementation within the SCSI subsystem. The bug is a race during iSCSI session logout: while the session is being torn down, another task that concurrently reads the shost ipaddress attribute can access the already freed session, as detected by KASAN. The result is an invalid memory access, such as an attempt to acquire a spinlock that lives in freed memory. Affected are Linux kernels that support iSCSI over TCP, particularly hosts using the software iSCSI initiator.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Exploitation involves creating an iSCSI session via netlink messages, triggering a logout in one task to free the session structure, while simultaneously reading the ipaddress sysfs attribute in another task, such as via a tool like 'cat'. Successful exploitation can result in high impacts on confidentiality, integrity, and availability, potentially leading to kernel crashes, data corruption, or arbitrary code execution, as indicated by the CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Mitigation requires applying upstream kernel patches, such as the fixes committed in stable trees at https://git.kernel.org/stable/c/0af745fddefbd56198f4f35eb309215ee5f9e21e, https://git.kernel.org/stable/c/17b738590b97fb3fc287289971d1519ff9b875a1, https://git.kernel.org/stable/c/6f1d64b13097e85abda0f91b5638000afc5f9a06, and https://git.kernel.org/stable/c/8859687f5b242c0b057461df0a9ff51d5500783b. Security practitioners should update affected Linux distributions and kernels to versions incorporating these commits, and consider disabling iSCSI TCP if not required.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
This is a local kernel use-after-free vulnerability that can give a low-privileged attacker arbitrary code execution in the kernel, directly facilitating privilege escalation.