CVE-2023-52975

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's iSCSI TCP module allows local attackers to potentially crash the system or execute arbitrary code by accessing freed memory during session logout. This affects systems using iSCSI storage with the iscsi_tcp driver. Attackers need local access to trigger the vulnerability.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using iSCSI storage with the iscsi_tcp module loaded.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level code execution leading to complete system compromise.

🟠

Likely Case

Kernel panic or system crash causing denial of service.

🟢

If Mitigated

No impact if proper access controls prevent local users from accessing iSCSI host parameters.

🌐 Internet-Facing: LOW - Requires local access to trigger, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit this to cause system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of iSCSI session management. The bug is a race condition between session logout and attribute access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 0af745fddefbd56198f4f35eb309215ee5f9e21e, 17b738590b97fb3fc287289971d1519ff9b875a1, 6f1d64b13097e85abda0f91b5638000afc5f9a06, or 8859687f5b242c0b057461df0a9ff51d5500783b

Vendor Advisory: https://git.kernel.org/stable/c/0af745fddefbd56198f4f35eb309215ee5f9e21e

Restart Required: Yes

Instructions:

1. Update the kernel to a patched version from your distribution.
2. Reboot the system to load the new kernel.
3. Verify that iSCSI functionality remains operational.

🔧 Temporary Workarounds

Disable iSCSI TCP module

Linux

Prevent the vulnerable iSCSI TCP driver from loading if it is not needed:

echo 'blacklist iscsi_tcp' >> /etc/modprobe.d/blacklist.conf
rmmod iscsi_tcp

🧯 If You Can't Patch

  • Restrict local user access to systems using iSCSI storage
  • Implement strict access controls on /sys/class/iscsi_host/ files

🔍 How to Verify

Check if Vulnerable:

Check whether the iscsi_tcp module is loaded (lsmod | grep iscsi_tcp), and check the kernel version against the patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version includes the fix commits and that iSCSI functionality works normally.
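
A scripted form of the module checks above, as an added example that is not part of the original advisory. It also separates a blacklist entry, which still allows an explicit modprobe, from an install rule that blocks every load; the function names are hypothetical and only one modprobe.d directory is read.

```shell
#!/bin/sh
# Added example: is this host exposed through the iscsi_tcp module?
# File and directory arguments exist so the checks can run on test data.

# Succeed if module $1 is listed in modules file $2 (default /proc/modules,
# the data lsmod prints). The exact match on the first field avoids the
# libiscsi_tcp false positive that "grep iscsi_tcp" produces.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}" 2>/dev/null
}

# Print the modprobe policy for module $1 in config dir $2
# (default /etc/modprobe.d; other modprobe.d locations are not read):
#   install   - "install <mod> /bin/false" (or true): every load is blocked
#   blacklist - only alias-triggered autoloading is blocked; an explicit
#               "modprobe <mod>" still loads the module
#   none      - no rule found
modprobe_policy() {
    cat "${2:-/etc/modprobe.d}"/*.conf 2>/dev/null | awk -v m="$1" '
        /^[ \t]*#/ { next }
        { gsub(/-/, "_", $2) }   # modprobe treats "-" and "_" alike
        $1 == "install" && $2 == m && $3 ~ /\/(false|true)$/ { inst = 1 }
        $1 == "blacklist" && $2 == m { bl = 1 }
        END { print (inst ? "install" : (bl ? "blacklist" : "none")) }'
}

# One-line verdict: args are modules file and modprobe.d dir (both optional).
iscsi_tcp_exposure() {
    policy=$(modprobe_policy iscsi_tcp "$2")
    if module_loaded iscsi_tcp "$1"; then
        echo "loaded (policy: $policy)"
    elif [ "$policy" = "install" ]; then
        echo "not loaded, loading blocked"
    else
        echo "not loaded, but loadable (policy: $policy)"
    fi
}

iscsi_tcp_exposure "$@"
```

A "loaded" verdict on a kernel without the fix commits means the host is still exposed, whatever the policy says.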

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN use-after-free reports in dmesg
  • iSCSI session errors

Network Indicators:

  • Unexpected iSCSI session disconnections

SIEM Query:

source="kernel" AND "KASAN: use-after-free" AND "iscsi_tcp"
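
The query above matches its terms within a single event; when each kernel log line is ingested separately, the KASAN header and the [iscsi_tcp] module tag can land in different events. The added example below (not part of the original advisory) compares line-level and report-level matching on a constructed log whose function names and offsets are placeholders.

```shell
#!/bin/sh
# Added example: correlate multi-line KASAN reports with a module name.

# Constructed sample log (function names, offsets and modules other than
# iscsi_tcp are placeholders, not taken from a real report).
sample_log() {
    cat <<'EOF'
[  101.000001] ==================================================================
[  101.000002] BUG: KASAN: use-after-free in example_lock+0x78/0xe0
[  101.000003] Call Trace:
[  101.000004]  example_lock+0x78/0xe0
[  101.000005]  example_host_get_param+0x1c/0x40 [iscsi_tcp]
[  101.000006] ==================================================================
[  205.000001] ==================================================================
[  205.000002] BUG: KASAN: slab-use-after-free in example_other+0x10/0x20 [example_mod]
[  205.000003] ==================================================================
[  300.000001] example: unrelated message
EOF
}

# Line-level match: KASAN header and module tag must share one line.
# Newer kernels label the bug type "slab-use-after-free", so accept both.
count_line_hits() {
    awk -v tag="[$1]" '
        /KASAN: (slab-)?use-after-free/ && index($0, tag) { n++ }
        END { print n + 0 }'
}

# Report-level match: the module tag may appear anywhere in the report,
# which runs from the "BUG: KASAN:" header to the closing "====" rule.
count_report_hits() {
    awk -v tag="[$1]" '
        /BUG: KASAN: (slab-)?use-after-free/ { in_rep = 1; hit = 0 }
        in_rep && index($0, tag)             { hit = 1 }
        in_rep && /==========/               { n += hit; in_rep = 0 }
        END { if (in_rep) n += hit; print n + 0 }'
}

echo "line-level:   $(sample_log | count_line_hits iscsi_tcp)"
echo "report-level: $(sample_log | count_report_hits iscsi_tcp)"
```

KASAN reports appear only on kernels built with CONFIG_KASAN, so an empty result on a production kernel does not show that the bug was not triggered.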
