CVE-2023-52760
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2023-52760 is a use-after-free vulnerability in the gfs2 file system of the Linux kernel, and it has been addressed. The quota data structures were not being properly cleaned up. In the gfs2_put_super() function, the quota should have been handled by gfs2_quota_cleanup(), but in some instances it was being freed before the callback had run for all gfs2_quota_data objects, which resulted in use-after-free behavior. The resolution removes the unnecessary calls to gfs2_destroy_threads() and gfs2_quota_cleanup() in gfs2_put_super() after gfs2_make_fs_ro() has been invoked.