CVE-2023-53494

Description

In the Linux kernel, the following vulnerability has been resolved:crypto: xts - Handle EBUSY correctlyAs it is xts only handles the special return value of EINPROGRESS,which means that in all other cases it will free data related to therequest.However, as the caller of xts may specify MAY_BACKLOG, we also needto expect EBUSY and treat it in the same way. Otherwise backloggedrequests will trigger a use-after-free.

Risk Information

Base Score

7.8

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.015

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234