CVE-2023-53021
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2023-53021 is a use-after-free vulnerability in the Linux kernel's net/sched component, specifically in the sch_taprio qdisc. The issue was reported by syzbot and occurs when an invalid TCA_RATE attribute is provided during the creation of a taprio qdisc. By the time the qdisc is destroyed, the hrtimer used by taprio has already fired, so net_tx_action attempts to use a destroyed qdisc. Because the __netif_schedule() call cannot be undone, the system must wait until one CPU services the qdisc before it can proceed. The vulnerability was discovered during a kernel crash investigation, which revealed uninitialized values in several spinlock-related functions and the allocation of an uninitialized skb object. These uninitialized values were created during the allocation of an NLMSG_DGRAM netlink message, which in turn was triggered by a call to sock_sendmsg(). The vulnerability exists in kernel versions 6.0.0-rc2 and earlier.