CVE-2023-52974
Published: 27 March 2025
Summary
CVE-2023-52974 is a high-severity Use After Free (CWE-416) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2023-52974 is a use-after-free (UAF) vulnerability, classified under CWE-416, in the Linux kernel's SCSI iSCSI TCP (iscsi_tcp) component. The issue arises during the iSCSI login process in iscsi_sw_tcp_session_create(). If iscsi_tcp_r2tpool_alloc() fails, userspace may still access the SCSI host (shost) IP address attribute. Subsequently, iscsi_session_teardown() frees the session while this access is ongoing, triggering the UAF.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N), within unchanged scope (S:U). Exploitation yields high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS v3.1 base score of 7.8. The UAF occurs specifically when session creation fails during R2T pool allocation while userspace concurrently accesses the host IP address.
Mitigation involves applying patches from the Linux kernel stable repository, which resolve the issue by deferring the assignment of tcp_sw_host->session until after session creation completes successfully, ensuring no failure path leads to early teardown during userspace access. Relevant commits include 0aaabdb900c7415caa2006ef580322f7eac5f6b6, 496af9d3682ed4c28fb734342a09e6cc0c056ea4, 61e43ebfd243bcbad11be26bd921723027b77441, 6abd4698f4c8a78e7bbfc421205c060c199554a0, and 9758ffe1c07b86aefd7ca8e40d9a461293427ca0.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-59746
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails, userspace could be accessing the host's ipaddress attr. If we then free the session…
more
via iscsi_session_teardown() while userspace is still accessing the session we will hit a use after free bug. Set the tcp_sw_host->session after we have completed session creation and can no longer fail.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free in Linux kernel (local low-priv trigger during iSCSI session creation) directly enables local privilege escalation via memory corruption leading to arbitrary kernel code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely installation of Linux kernel patches directly remediates the UAF vulnerability during iSCSI TCP session creation failure.
System memory protections such as KASLR, SMEP, and SMAP mitigate exploitation of the use-after-free in the iSCSI kernel component.
Vulnerability scanning identifies the presence of CVE-2023-52974 in kernel versions, enabling prioritization and remediation.