CVE-2023-52446: 
Linux Debian vulnerability analysis and mitigation

CVE-2023-52446 is a race condition vulnerability discovered in the Linux kernel between btf_put() and map_free() functions. The vulnerability was identified when running test_progs with parallel execution, which triggered a KASAN (Kernel Address Sanitizer) error indicating a use-after-free condition in the bpf_rb_root_free function (Kernel Patch).

The vulnerability stems from a race condition between CPU threads where one thread executes btf_put with an RCU callback while another thread handles bpf_map_free_deferred with system_unbound_wq. This can lead to a situation where btf_struct_metas_free() is called before map->ops->map_free(), potentially causing a use-after-free condition when accessing the value_rec pointer, which may have been freed by btf_struct_metas_free(). The issue has been assigned a CVSS v3.1 base score of 7.8 HIGH with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow an attacker with local access to cause a denial of service through a kernel crash, potentially leading to system instability. The use-after-free condition could also potentially be exploited to achieve privilege escalation or unauthorized access to kernel memory (NVD).

The issue has been fixed by moving the btf_put() call after the map_free callback in the kernel code. This solution was chosen over an alternative approach that would have used a kptr style fix, as it provides a cleaner and more maintainable solution (Kernel Patch).