CVE-2023-53047
In the Linux kernel, the following vulnerability has been resolved:
tee: amdtee: fix race condition in amdtee_open_session
There is a potential race condition in amdtee_open_session that may lead to use-after-free. For instance, in amdtee_open_session() after sess->sess_mask is set, and before setting:
sess->session_info[i] = session_info;
if amdtee_close_session() closes this same session, then 'sess' data structure will be released, causing kernel panic when 'sess' is accessed within amdtee_open_session().
The solution is to set the bit sess->sess_mask as the last step in amdtee_open_session().
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 5.6 | 5.10.177 |
| linux / linux_kernel | 5.11 | 5.15.105 |
| linux / linux_kernel | 5.16 | 6.1.22 |
| linux / linux_kernel | 6.2 | 6.2.9 |
| linux / linux_kernel | 6.3-rc1 | 6.3-rc1.x |
| linux / linux_kernel | 6.3-rc2 | 6.3-rc2.x |
| linux / linux_kernel | 6.3-rc3 | 6.3-rc3.x |
- https://git.kernel.org/stable/c/02b296978a2137d7128151c542e84dc96400bc00
- https://git.kernel.org/stable/c/a63cce9393e4e7dbc5af82dc87e68cb321cb1a78
- https://git.kernel.org/stable/c/b3ef9e6fe09f1a132af28c623edcf4d4f39d9f35
- https://git.kernel.org/stable/c/f632a90f8e39db39b322107b9a8d438b826a7f4f
- https://git.kernel.org/stable/c/f8502fba45bd30e1a6a354d9d898bc99d1a11e6d
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime