2363689 – (CVE-2023-53047) CVE-2023-53047 kernel: tee: amdtee: fix race condition in amdtee_open_session

Bug 2363689 (CVE-2023-53047) - CVE-2023-53047 kernel: tee: amdtee: fix race condition in amdtee_open_session

Summary: CVE-2023-53047 kernel: tee: amdtee: fix race condition in amdtee_open_session

Keywords:
Status:	NEW
Alias:	CVE-2023-53047
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-05-02 16:01 UTC by OSIDB Bzimport
Modified:	2025-06-20 15:51 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-05-02 16:01:49 UTC

In the Linux kernel, the following vulnerability has been resolved:

tee: amdtee: fix race condition in amdtee_open_session

There is a potential race condition in amdtee_open_session that may
lead to use-after-free. For instance, in amdtee_open_session() after
sess->sess_mask is set, and before setting:

    sess->session_info[i] = session_info;

if amdtee_close_session() closes this same session, then 'sess' data
structure will be released, causing kernel panic when 'sess' is
accessed within amdtee_open_session().

The solution is to set the bit sess->sess_mask as the last step in
amdtee_open_session().

Comment 1 Avinash Hanwate 2025-05-05 04:35:21 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025050204-CVE-2023-53047-7e31@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.