CVE-2023-52803
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's SUNRPC client that occurs when cleaning up pipefs dentries. It allows attackers to potentially cause kernel crashes or execute arbitrary code with kernel privileges. Systems running affected Linux kernel versions with SUNRPC enabled are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to kernel-level code execution.
Likely Case
Kernel crash leading to denial of service, system instability, or memory corruption.
If Mitigated
Limited impact if SUNRPC is disabled or systems are not using RPC services.
🎯 Exploit Status
Exploitation requires triggering the race condition during pipefs superblock reallocation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with fixes (see git references in CVE)
Vendor Advisory: https://git.kernel.org/stable/c/17866066b8ac1cc38fb449670bc15dc9fee4b40a
Restart Required: Yes
Instructions:
1. Identify current kernel version.
2. Apply appropriate kernel patch from git references.
3. Rebuild kernel if using custom build.
4. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable SUNRPC
Disable the SUNRPC subsystem if not required.
modprobe -r sunrpc
echo 'blacklist sunrpc' >> /etc/modprobe.d/blacklist.conf
Disable RPC-based services
Disable NFS, CIFS, and other RPC-dependent services.
systemctl stop nfs-server
systemctl disable nfs-server
🧯 If You Can't Patch
- Restrict RPC client usage to trusted applications only.
- Implement strict network segmentation to limit RPC service exposure.
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched versions in git references. Check if SUNRPC module is loaded: lsmod | grep sunrpc
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version after update matches patched version. Check system logs for absence of KASAN reports related to dget_parent.
📡 Detection & Monitoring
Log Indicators:
- KASAN reports of slab-use-after-free in dget_parent
- Kernel panic messages
- Workqueue errors in rpc_free_client_work
Network Indicators:
- Unusual RPC traffic patterns
- Multiple RPC connection failures
SIEM Query:
source="kernel" AND ("KASAN: slab-use-after-free" OR "dget_parent" OR "rpc_remove_pipedir")
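The SIEM query above ORs its three terms, so it also fires on any KASAN slab-use-after-free report and on any stack trace that contains dget_parent. As an added example (not part of the original advisory), this shell function correlates the listed indicators inside a single KASAN report; the sample log lines, offsets, timestamps and the name example_driver_release are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): correlate the listed log indicators.
# Reads kernel log text on stdin, e.g. from `dmesg` or `journalctl -k`.
# Prints one MATCH line per KASAN report that is a slab-use-after-free in
# dget_parent AND carries a SUNRPC cleanup frame in its trace.
scan_sunrpc_uaf() {
    awk -v window="${1:-60}" '
    function close_report() {
        if (active && in_dget && frame != "")
            printf "MATCH line=%d frame=%s\n", start, frame
        active = 0
    }
    /BUG: KASAN: slab-use-after-free in / {
        close_report()
        active = 1; start = NR; frame = ""
        in_dget = ($0 ~ /in dget_parent\+/)
        next
    }
    active && /====================/ { close_report(); next }  # report footer
    active && NR - start > window    { close_report() }        # safety cap
    active && frame == "" && match($0, /rpc_remove_pipedir|rpc_free_client_work/) {
        frame = substr($0, RSTART, RLENGTH)
    }
    END { close_report() }
    '
}

# Constructed sample input: offsets, timestamps and example_driver_release
# are made up; only the function names listed on this page are real.
sample_log() {
    cat <<'EOF'
[  101.000001] ==================================================================
[  101.000002] BUG: KASAN: slab-use-after-free in dget_parent+0x10/0x20
[  101.000003] Workqueue: events rpc_free_client_work
[  101.000004] Call Trace:
[  101.000005]  dget_parent+0x10/0x20
[  101.000006]  rpc_remove_pipedir+0x30/0x40
[  101.000007] ==================================================================
[  202.000001] ==================================================================
[  202.000002] BUG: KASAN: slab-use-after-free in example_driver_release+0x8/0x10
[  202.000003] Call Trace:
[  202.000004]  example_driver_release+0x8/0x10
[  202.000005] ==================================================================
[  303.000001]  dget_parent+0x10/0x20
EOF
}

sample_log | scan_sunrpc_uaf
```

KASAN reports are only produced by kernels built with CONFIG_KASAN, so an empty result on a production kernel says nothing about whether the fix is applied; the kernel version check remains the authoritative test.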
🔗 References
- https://git.kernel.org/stable/c/17866066b8ac1cc38fb449670bc15dc9fee4b40a
- https://git.kernel.org/stable/c/194454afa6aa9d6ed74f0c57127bc8beb27c20df
- https://git.kernel.org/stable/c/1cdb52ffd6600a37bd355d8dce58ecd03e55e618
- https://git.kernel.org/stable/c/7749fd2dbef72a52b5c9ffdbf877691950ed4680
- https://git.kernel.org/stable/c/7d61d1da2ed1f682c41cae0c8d4719cdaccee5c5
- https://git.kernel.org/stable/c/bfca5fb4e97c46503ddfc582335917b0cc228264
- https://git.kernel.org/stable/c/cc2e7ebbeb1d0601f7f3c8d93b78fcc03a95e44a
- https://git.kernel.org/stable/c/dedf2a0eb9448ae73b270743e6ea9b108189df46