CVE-2023-2162: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2023-2162) was discovered in the iscsiswtcpsessioncreate function within the drivers/scsi/iscsi_tcp.c file of the Linux Kernel's SCSI sub-component. The vulnerability was reported by Mike Christie and disclosed in April 2023. The flaw affects the iSCSI TCP implementation in various Linux distributions including Red Hat Enterprise Linux, Debian, and Ubuntu (CVE Mitre, Ubuntu Security).

The vulnerability occurs during the login process when accessing the host's IP address attribute. If iscsitcpr2tpoolalloc() fails during iscsiswtcpsessioncreate(), userspace could still be accessing the host's IP address attribute. If the session is then freed via iscsisessionteardown() while userspace is still accessing the session, a use-after-free condition occurs. The fix involves setting the tcpsw_host->session after completing session creation and ensuring it can no longer fail (Linux SCSI).

On systems where the iSCSI TCP feature is used, a local user might be able to exploit this vulnerability to cause a denial of service (crash or memory corruption) or potentially escalate privileges. The vulnerability could also lead to information leakage of kernel internal data (Debian LTS).

The vulnerability has been patched in various Linux distributions. Updates have been released for Red Hat Enterprise Linux, Debian, and Ubuntu systems. The fix involves modifying the session creation process in the iSCSI TCP implementation to prevent the use-after-free condition. Users are recommended to update their systems to the patched versions (Debian LTS).