In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails If getting an ID or setting up a work queue in rbd_dev_create() fails, use-after-free on rbd_dev->rbd_client, rbd_dev->spec and rbd_dev->opts is triggered in do_rbd_add(). The root cause is that the ownership of these structures is transfered to rbd_dev prematurely and they all end up getting freed when rbd_dev_create() calls rbd_dev_free() prior to returning to do_rbd_add(). Found by Linux Verification Center (linuxtesting.org) with SVACE, an incomplete patch submitted by Natalia Petrova <n.petrova@fintech.ru>.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

References
Link Providers
https://git.kernel.org/stable/c/71da2a151ed1adb0aea4252b16d81b53012e7afd cve-icon cve-icon
https://git.kernel.org/stable/c/9787b328c42c13c4f31e7d5042c4e877e9344068 cve-icon cve-icon
https://git.kernel.org/stable/c/a73783e4e0c4d1507794da211eeca75498544dff cve-icon cve-icon
https://git.kernel.org/stable/c/ae16346078b1189aee934afd872d9f3d0a682c33 cve-icon cve-icon
https://git.kernel.org/stable/c/cc8c0dd2984503ed09efa37bcafcef3d3da104e8 cve-icon cve-icon
https://git.kernel.org/stable/c/e3cbb4d60764295992c95344f2d779439e8b34ce cve-icon cve-icon
https://git.kernel.org/stable/c/f7c4d9b133c7a04ca619355574e96b6abf209fba cve-icon cve-icon
https://git.kernel.org/stable/c/faa7b683e436664fff5648426950718277831348 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025091641-CVE-2023-53307-129b@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-53307 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-53307 cve-icon
History

Wed, 17 Sep 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Tue, 16 Sep 2025 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails If getting an ID or setting up a work queue in rbd_dev_create() fails, use-after-free on rbd_dev->rbd_client, rbd_dev->spec and rbd_dev->opts is triggered in do_rbd_add(). The root cause is that the ownership of these structures is transfered to rbd_dev prematurely and they all end up getting freed when rbd_dev_create() calls rbd_dev_free() prior to returning to do_rbd_add(). Found by Linux Verification Center (linuxtesting.org) with SVACE, an incomplete patch submitted by Natalia Petrova <n.petrova@fintech.ru>.
Title rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-16T16:11:46.288Z

Updated: 2025-09-16T16:11:46.288Z

Reserved: 2025-09-16T08:09:37.994Z

Link: CVE-2023-53307

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-09-16T17:15:36.477

Modified: 2025-09-16T17:15:36.477

Link: CVE-2023-53307

cve-icon Redhat

Severity : Important

Publid Date: 2025-09-16T00:00:00Z

Links: CVE-2023-53307 - Bugzilla