VYPR
Unrated severityNVD Advisory· Published Mar 27, 2025· Updated Jan 5, 2026

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

CVE-2023-52974

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails, userspace could be accessing the host's ipaddress attr. If we then free the session via iscsi_session_teardown() while userspace is still accessing the session we will hit a use after free bug.

Set the tcp_sw_host->session after we have completed session creation and can no longer fail.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

142

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.