CVE-2023-53307

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails<br /> <br /> If getting an ID or setting up a work queue in rbd_dev_create() fails,<br /> use-after-free on rbd_dev-&gt;rbd_client, rbd_dev-&gt;spec and rbd_dev-&gt;opts<br /> is triggered in do_rbd_add(). The root cause is that the ownership of<br /> these structures is transfered to rbd_dev prematurely and they all end<br /> up getting freed when rbd_dev_create() calls rbd_dev_free() prior to<br /> returning to do_rbd_add().<br /> <br /> Found by Linux Verification Center (linuxtesting.org) with SVACE, an<br /> incomplete patch submitted by Natalia Petrova .