CVE-2023-51780: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2023-51780) was discovered in the Linux kernel before version 6.6.8. The vulnerability exists in the do_vcc_ioctl function within net/atm/ioctl.c due to a race condition with vcc_recvmsg. The issue was discovered in December 2023 and affects Linux kernel versions from 2.6.12 to versions prior to 6.6.8 (Kernel Changelog, NVD).

The vulnerability occurs because do_vcc_ioctl() accesses sk->sk_receive_queue without holding the sk->sk_receive_queue.lock, creating a race condition with vcc_recvmsg(). This can lead to a use-after-free scenario through the following flow: do_vcc_ioctl() -> skb_peek() followed by vcc_recvmsg() -> skb_recv_datagram() -> skb_free_datagram(). The issue has been assigned a CVSS v3.1 base score of 7.0 (High) with vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (Github Patch, NVD).

A local attacker could exploit this vulnerability to cause a denial of service (system crash) or possibly execute arbitrary code. The vulnerability affects the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel (Ubuntu Security, Debian Advisory).

The vulnerability has been fixed in Linux kernel version 6.6.8 by adding sk->sk_receive_queue.lock to do_vcc_ioctl(). Users should upgrade their Linux kernel to version 6.6.8 or later. Various Linux distributions have also released patches for their supported kernel versions (Github Patch, Debian Advisory).

Multiple Linux distributions and vendors have acknowledged the vulnerability and released security advisories and patches. NetApp has released an advisory (NTAP-20240419-0001) detailing the impact on their products and providing mitigation guidance (NetApp Advisory).