CVE-2023-52975: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2023-52975) was discovered in the Linux kernel's iSCSI TCP implementation. The vulnerability occurs during iSCSI session logout when another task accesses the shost ipaddress attribute. This vulnerability affects Linux kernel versions from 5.16 up to (excluding) 6.1.11 and versions up to (excluding) 5.15.93 (NVD).

The vulnerability manifests as a use-after-free condition in the rawspinlockbh function during iSCSI session logout. When another task attempts to access the shost ipaddress attribute during the logout process, it can trigger a KASAN (Kernel Address Sanitizer) use-after-free report. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially lead to privilege escalation, information disclosure, or system crashes. Given the CVSS score and vector string, successful exploitation could result in complete compromise of confidentiality, integrity, and availability of the affected system, though local access is required (NVD).

The vulnerability has been fixed in Linux kernel version 6.1.11 and later. Users should update their Linux kernel to a patched version. The fix involves addressing the UAF issue during logout when accessing the shost ipaddress (Debian Security).