CVE-2023-52483

Severity CVSS v4.0: Pending analysis
Type: CWE-416 Use After Free
Publication date: 29/02/2024
Last modified: 13/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mctp: perform route lookups under a RCU read-side lock

Our current route lookups (mctp_route_lookup and mctp_route_lookup_null) traverse the net's route list without the RCU read lock held. This means the route lookup is subject to preemption, resulting in a potential grace period expiry, and so an eventual kfree() while we still have the route pointer.

Add the proper read-side critical section locks around the route lookups, preventing preemption and a possible parallel kfree.

The remaining net->mctp.routes accesses are already under a rcu_read_lock, or protected by the RTNL for updates.

Based on an analysis from Sili Luo, where introducing a delay in the route lookup could cause a UAF on simultaneous sendmsg() and route deletion.

Vulnerable products and versions

| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15 (including) | 5.15.137 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.59 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.5.8 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:* | | |
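
For fleet triage, the ranges above can be checked against `uname -r` output. The following is an added example, not part of the advisory or of the kernel project; the function names are hypothetical and the sample release strings in the comments are constructed. A match is only a candidate, because distribution kernels often backport fixes without changing the upstream version number.

```python
import re

# Affected ranges copied from the table above: (first affected, first fixed).
AFFECTED_RANGES = [
    ((5, 15, 0), (5, 15, 137)),
    ((5, 16, 0), (6, 1, 59)),
    ((6, 2, 0), (6, 5, 8)),
]
# Release candidates listed individually in the table: 6.6-rc1 .. 6.6-rc5.
AFFECTED_RCS = {(6, 6, n) for n in range(1, 6)}

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release):
    """Split a `uname -r` style string into ((major, minor, patch), rc)."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    rc = int(m.group(4)) if m.group(4) else None
    return version, rc


def in_affected_range(release):
    """True if the upstream version falls in a range listed for CVE-2023-52483.

    Vendor suffixes such as "-91-generic" are ignored, so the result says
    nothing about fixes a distribution has backported.
    """
    version, rc = parse_release(release)
    if rc is None:
        return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)
    if (version[0], version[1], rc) in AFFECTED_RCS:
        return True
    # An rc of X.Y sorts just before X.Y.0, so it is inside a range only
    # when the range starts strictly earlier than X.Y.0.
    return any(lo < version <= hi for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed sample release strings.
    for sample in ("5.15.136", "5.15.137", "6.1.58-1-amd64", "6.6.0-rc3", "6.6.0-rc6"):
        print(f"{sample:18} affected by version: {in_affected_range(sample)}")
```
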